Page 1 of 1

iframe.contentWindow surrogate

Posted: Mon Nov 09, 2015 8:51 pm
by fatboy
On the basis of the sample code and FireGloves made a surrogate:

Code: Select all

replacement
Object.defineProperty(window, "screen", {enumerable:true, get:function(){return {width: 1280, height: 800, availWidth: 1280, availHeight: 800, colorDepth: 24, pixelDepth: 24, top: 0, left: 0, availTop:0, availLeft: 0}}, set:function(){}});
sources: @*
It works. But if on the page https://www.browserleaks.com/javascript click on the button "iframe.contentWindow" appears real screen (with FireGloves this button is not pressed, with Random Agent Spoofer displayed the real screen, with Tor displayed 0x0 (UPD: even if privacy.resistFingerprinting;false)).
Made a surrogate:

Code: Select all

replacement
Object.defineProperty(window.HTMLIFrameElement.prototype, "contentWindow", {get: function() {}});
sources: @ * or !@ * same result.
It works, but not the content is displayed or not the buttons are pressed on the pages, which uses maps, such as:
maps.yandex.com, warfly.ru, google.com/maps and others. Is it possible to alter the surrogate to not have to make exceptions for sites such as these?
Here are the codes FireGloves and Tor: http://pastebin.com/v5h6JJBQ http://pastebin.com/yDimVJ6b http://pastebin.com/P7pZUAJR
Maybe they will help.

Re: iframe.contentWindow surrogate

Posted: Thu Nov 12, 2015 4:50 pm
by barbaz
Can you please post your sources value(s)?
What is the iframe's URL?

Re: iframe.contentWindow surrogate

Posted: Thu Nov 12, 2015 8:25 pm
by fatboy
> ...sources value(s)?
Added.

> What is the iframe's URL?
For example: https://maps.yandex.com/. Need to allow: https://maps.yandex.com, https://api-maps.yandex.ru, https://yastatic.net.
There are several buttons: Layers, Routes and so forth. None is pressed.
Error console:

Code: Select all

Error: TypeError: this._iframe[0].contentWindow is undefined
Source File: https://yastatic.net/maps-beta/2.31.9/build/index/_index.en.js
Line: 4

Re: iframe.contentWindow surrogate

Posted: Thu Nov 12, 2015 11:43 pm
by barbaz
I'm not sure * is a valid sources value.
Try @^https?:// or

Code: Select all

@^(?!chrome)[0-9A-Za-z-]+://

Re: iframe.contentWindow surrogate

Posted: Fri Nov 13, 2015 9:45 am
by fatboy
> I'm not sure * is a valid sources value.
viewtopic.php?p=12319#p12319
@^https?:// already tried before. @^(?!chrome)[0-9A-Za-z-]+:// works too, thank you. It seems to me that the case "replacement". Probably I badly explained. Surrogate works: if on the browserleaks.com click on the button "iframe.contentWindow" appears 1280x800, as I indicated in window.screen. But I wish he didn't harm the maps.

Re: iframe.contentWindow surrogate

Posted: Fri Nov 13, 2015 2:13 pm
by barbaz
You are blocking the entire contentWindow property when you only want to spoof screen... that's like using a sledgehammer instead of a needle.

If you want to make the maps site work you can probably specify a noscript.surrogate.<name>.exceptions pref, or tweak the surrogate (or sources regex) to exclude whatever the maps site requires.
Other possibility is to make the iframe contentWindow property return the top-level window, but it may break things in a different way.


I still think it's weird that you aren't getting the surrogate to apply to iframes. I will look into this in more detail later.