Well, I had a try with Object.defineProperty, but I could not get it to work fine with RTCPeerConnection. On the contrary, my (not so nice) solution to set brutally mozRTCPeerConnection to false seems to be working.
I had a look with a debugger, and trying to access window.mozRTCPeerConnection returns false (in the console), and so does it in the script running (with a breakpoint in the if statement with the iframe trick, I can confirm it enters the iframe due to this script).
Blocking on an API basis
Re: Blocking on an API basis
Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Re: Blocking on an API basis
Looks like you need to supply a getter that returns a function.
(Weird, that wasn't needed before...)
Code: Select all
Object.defineProperty(window, 'mozRTCPeerConnection', {get:function(){console.log('rtc');return function(){};},set:function(){}});*Always* check the changelogs BEFORE updating that important software!
-
Re: Blocking on an API basis
Indeed, it works. Thanks a lot!
It's really weird that I have to return a function in the getter… Do you have any idea why is this happening? Especially as manually overriding mozRTCPeerConnection, brutally, was working, but only in the main window and not in the iframe.
Thanks
It's really weird that I have to return a function in the getter… Do you have any idea why is this happening? Especially as manually overriding mozRTCPeerConnection, brutally, was working, but only in the main window and not in the iframe.
Thanks
Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Re: Blocking on an API basis
No, it's black magic to me.phyks wrote:It's really weird that I have to return a function in the getter… Do you have any idea why is this happening?
I have no idea why I even tried that in the first place.Also, that trick isn't needed in SeaMonkey.
*Always* check the changelogs BEFORE updating that important software!
-
Re: Blocking on an API basis
Arf =( I am not a huge fan of black magic,especially when it comes to security concerns… But it works and will do the trick for a PoC 
I'll try to find more infos about what is happening, and will have a look at plugins API in Firefox, to have something that may be more robust.
I'll try to find more infos about what is happening, and will have a look at plugins API in Firefox, to have something that may be more robust.
Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Re: Blocking on an API basis
+1phyks wrote:Arf =( I am not a huge fan of black magic,especially when it comes to security concerns…
Good, especially since that PoC is not designed to work around this trick, it's coincidence that it's being difficult herephyks wrote:But it works and will do the trick for a PoC
This method is robust for the time being... but please post your findings if you find anything noteworthy or interesting. I too like to block individual JS properties, and if there's a better way I'd like to know.phyks wrote:I'll try to find more infos about what is happening, and will have a look at plugins API in Firefox, to have something that may be more robust.
*Always* check the changelogs BEFORE updating that important software!
-