diff options
author | theopensourceguy <dev@theopensourceguy.de> | 2019-08-13 11:12:57 +0200 |
---|---|---|
committer | theopensourceguy <dev@theopensourceguy.de> | 2019-08-13 11:12:57 +0200 |
commit | ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac (patch) | |
tree | 32cfee30241c3fe5c35c5c2259deb6ba0fe3a2fe | |
parent | b47900cbf82cdb216f7e3bd7961d29b7f6e1e507 (diff) | |
download | frost-ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac.tar.gz frost-ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac.tar.bz2 frost-ca9eff5efe56e4ac1d65fda6e3d91dc6235986ac.zip |
Obfuscate window tags for JS injection
* Generates a random prefix at startup
* Obfuscates tags based on their hashCode and a salt
generated at startup as well as the generated prefix
* Name mappings are logged in debug mode
-rw-r--r-- | app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt b/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt index 13032479..5d8c55e6 100644 --- a/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt +++ b/app/src/main/kotlin/com/pitchedapps/frost/injectors/JsInjector.kt @@ -16,10 +16,14 @@ */ package com.pitchedapps.frost.injectors +import android.util.Log import android.webkit.WebView +import com.pitchedapps.frost.BuildConfig +import com.pitchedapps.frost.utils.L import com.pitchedapps.frost.web.FrostWebViewClient import org.apache.commons.text.StringEscapeUtils import java.util.Locale +import kotlin.random.Random class JsBuilder { private val css = StringBuilder() @@ -38,7 +42,7 @@ class JsBuilder { } fun single(tag: String): JsBuilder { - this.tag = "_frost_${tag.toLowerCase(Locale.CANADA)}" + this.tag = TagObfuscator.obfuscateTag(tag) return this } @@ -106,4 +110,38 @@ fun FrostWebViewClient.jsInject(vararg injectors: InjectorContract) = web.jsInje class JsInjector(val function: String) : InjectorContract { override fun inject(webView: WebView) = webView.evaluateJavascript(function, null) +} + +/** + * Helper object to obfuscate window tags for JS injection. + */ +private object TagObfuscator { + + fun obfuscateTag(tag: String) : String { + val rnd = Random(tag.hashCode() + salt) + val obfuscated = StringBuilder() + .append(prefix) + .append(randomChars(rnd, tag.length)) + L._d { "TagObfuscator: Obfuscating tag '$tag' to '$obfuscated'" } + //if (BuildConfig.DEBUG) { + // return "_frost_${tag.toLowerCase(Locale.CANADA)}" + //} else + return obfuscated.toString() + } + + private val salt by lazy { System.currentTimeMillis() } + + private val prefix by lazy { + val rnd = Random(System.currentTimeMillis()) + val length = rnd.nextInt(10, 16) + randomChars(rnd, length) + } + + private fun randomChars(random: Random, count: Int) : String { + val result = StringBuilder() + for (i in 1..count) { + result.append('a' + random.nextInt(0, 26)) + } + return result.toString() + } }
\ No newline at end of file |