Conversation

Notices

1. Wrongthink (wrongthink@cdrom.tokyo)'s status on Friday, 14-Apr-2023 08:52:13 JST Wrongthink

   archive.today is still encumbered with clownflare but for whatever reason, its usage of clownflare remains undetected by Block Cloudflare MitM addon.

   Makes me wonder how many other sites are flying under the radar.

   • Wrongthink (wrongthink@cdrom.tokyo)'s status on Friday, 14-Apr-2023 10:57:36 JST Wrongthink

     in reply to

     Fedi probably isn’t the place to post this, but I already opened the can of worms here.

     The relevant code block from block_cloudflare_mitm_fx:

     if (cf_hostname.length>=4){ var mitm_is=0;var mitm_cdnname='Cloudflare'; for(var i=0;i<cf_gothead.length;i++){ var cfv=cf_gothead[i]; var cfv_vname=cfv['name'];if (cfv_vname!=undefined){cfv_vname=cfv_vname.toLowerCase();} var cfv_vvalue=cfv['value'];if (cfv_vvalue!=undefined){cfv_vvalue=cfv_vvalue.toLowerCase();} //< //Cloudflare if (cfv_vname=='cf-ray' && cfv_vvalue!=undefined){mitm_is=1;break;} if (cfv_vname=='server' && cfv_vvalue.includes("cloudflare")){mitm_is=1;break;} if (cfv_vname=='cf-cache-status' && cfv_vvalue!=undefined){mitm_is=1;break;} if (cfv_vname=='set-cookie' && cfv_vvalue.includes("__cfduid")){mitm_is=1;break;} //Incapsula if (stop_incapsula==1){ if (cfv_vname.includes("incap_") && cfv_vvalue!=undefined){mitm_is=1;mitm_cdnname='Incapsula';break;} if (cfv_vname=='x-iinfo' && cfv_vvalue!=undefined){mitm_is=1;mitm_cdnname='Incapsula';break;} if (cfv_vname=='x-cdn' && cfv_vvalue=='incapsula'){mitm_is=1;mitm_cdnname='Incapsula';break;} if (cfv_vname=='set-cookie' && cfv_vvalue.includes("visid_incap_")){mitm_is=1;mitm_cdnname='Incapsula';break;} } //GPShield if (stop_gshield==1){ if (cfv_vname=='server' && cfv_vvalue=='shield'){mitm_is=1;mitm_cdnname='Google Project Shield';break;} if (cfv_vname=='x-shield-request-id' && cfv_vvalue!=undefined){mitm_is=1;mitm_cdnname='Google Project Shield';break;} } //Sucuri if (stop_sucuri==1){ if (cfv_vname=='x-sucuri-cache' && cfv_vvalue!=undefined){mitm_is=1;mitm_cdnname='Sucuri';break;} if (cfv_vname=='x-sucuri-id' && cfv_vvalue!=undefined){mitm_is=1;mitm_cdnname='Sucuri';break;} if (cfv_vname=='set-cookie' && cfv_vvalue.includes("sucuri-")){mitm_is=1;mitm_cdnname='Sucuri';break;} } //> }

     The implementation archive.today is using isn’t matching the conditionals somewhere here. The extension hasn’t been updated in five years, so I’m not sure the original author is still around to accept any changes.

     0 contributions in the last year

     Ah, the glowies got him