aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortheopensourceguy <dev@theopensourceguy.de>2019-08-13 11:12:57 +0200
committertheopensourceguy <dev@theopensourceguy.de>2019-08-13 11:12:57 +0200
commitca9eff5efe56e4ac1d65fda6e3d91dc6235986ac (patch)
tree32cfee30241c3fe5c35c5c2259deb6ba0fe3a2fe
parentb47900cbf82cdb216f7e3bd7961d29b7f6e1e507 (diff)
downloadfrost-ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac.tar.gz
frost-ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac.tar.bz2
frost-ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac.zip
Obfuscate window tags for JS injection
* Generates a random prefix at startup * Obfuscates tags based on their hashCode and a salt generated at startup as well as the generated prefix * Name mappings are logged in debug mode
-rw-r--r--app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt40
1 files changed, 39 insertions, 1 deletions
diff --git a/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt b/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt
index 13032479..5d8c55e6 100644
--- a/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt
+++ b/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt
@@ -16,10 +16,14 @@
*/
package com.pitchedapps.frost.injectors
+import android.util.Log
import android.webkit.WebView
+import com.pitchedapps.frost.BuildConfig
+import com.pitchedapps.frost.utils.L
import com.pitchedapps.frost.web.FrostWebViewClient
import org.apache.commons.text.StringEscapeUtils
import java.util.Locale
+import kotlin.random.Random
class JsBuilder {
private val css = StringBuilder()
@@ -38,7 +42,7 @@ class JsBuilder {
}
fun single(tag: String): JsBuilder {
- this.tag = "_frost_${tag.toLowerCase(Locale.CANADA)}"
+ this.tag = TagObfuscator.obfuscateTag(tag)
return this
}
@@ -106,4 +110,38 @@ fun FrostWebViewClient.jsInject(vararg injectors: InjectorContract) = web.jsInje
class JsInjector(val function: String) : InjectorContract {
override fun inject(webView: WebView) =
webView.evaluateJavascript(function, null)
+}
+
+/**
+ * Helper object to obfuscate window tags for JS injection.
+ */
+private object TagObfuscator {
+
+ fun obfuscateTag(tag: String) : String {
+ val rnd = Random(tag.hashCode() + salt)
+ val obfuscated = StringBuilder()
+ .append(prefix)
+ .append(randomChars(rnd, tag.length))
+ L._d { "TagObfuscator: Obfuscating tag '$tag' to '$obfuscated'" }
+ //if (BuildConfig.DEBUG) {
+ // return "_frost_${tag.toLowerCase(Locale.CANADA)}"
+ //} else
+ return obfuscated.toString()
+ }
+
+ private val salt by lazy { System.currentTimeMillis() }
+
+ private val prefix by lazy {
+ val rnd = Random(System.currentTimeMillis())
+ val length = rnd.nextInt(10, 16)
+ randomChars(rnd, length)
+ }
+
+ private fun randomChars(random: Random, count: Int) : String {
+ val result = StringBuilder()
+ for (i in 1..count) {
+ result.append('a' + random.nextInt(0, 26))
+ }
+ return result.toString()
+ }
} \ No newline at end of file