ver:2.0.14 (momosecurity#30)

## [2.0.14]-2023-03-15 感谢 hyasin 对复制字符体验的反馈 ### 变更 - 优化了信息来源提示改到 < 图标上，以优化信息的复制体验。 - 优化了IP、域名信息提取逻辑，从已提取url中继续提取相关联的信息。 ### 修复 - 修复白名单设置后展示的bug。
xElkomy · Mar 16, 2023 · d516816 · d516816
1 parent b9a0c35
commit d516816
Show file tree

Hide file tree

Showing 7 changed files with 91 additions and 57 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # 变更日志
 此项目的所有显著更改将记录在此文件中。
+## [2.0.14]-2023-03-15
+感谢 hyasin 对复制字符体验的反馈
+### 变更
+- 优化了信息来源提示改到 < 图标上，以优化信息的复制体验。
+- 优化了IP、域名信息提取逻辑，从已提取url中继续提取相关联的信息。
+### 修复
+- 修复白名单设置后展示的bug。
+
 ## [2.0.13]-2023-03-07
 感谢 osxtest 为本项目贡献代码
 感谢 冰茶、 明月清风、 不悲、 1nfosec、 潜龙在渊 等师傅对来源提示和超链接功能的建议

diff --git a/background.js b/background.js
@@ -703,7 +703,8 @@ var nuclei_regex = [
     /["']?[\w_-]*?accesskey[\w_-]*?["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
     /["']?[\w_-]*?secret[\w_-]*?["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
     /["']?[\w_-]*?bucket[\w_-]*?["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
-    /["']?[\w_-]*?token[\w_-]*?["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi
+    /["']?[\w_-]*?token[\w_-]*?["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
+    /["']?[-]+BEGIN \w+ PRIVATE KEY[-]+/gi,
 ]
 var tab_url = {};
 var selected_id = -1;
@@ -738,6 +739,12 @@ function find(arr1,arr2) {
 }
 //去重合并两个数组 并集
 function add(arr1,arr2) {
+  if(!arr1){
+    return arr2
+  }
+  if(!arr2){
+    return arr1
+  }
   arr1.forEach(function (item,index,array) {
     if(arr2.indexOf(item)==-1){
       arr2.push(item)
@@ -774,7 +781,15 @@ function collect_static(arr1,arr2) {
 function sub_1(arr1) {
   var arr3 = []
   arr1.forEach(function (item,index,array) {
-    arr3.push(item.substring(1,item.length-1))
+    let start = 0
+    let end = 0
+    if(item.startsWith("'") || item.startsWith('"')){
+        start = 1
+    }
+    if(item.endsWith("'") || item.endsWith('"')){
+        end = 1
+    }
+    arr3.push(item.substring(start,item.length-end))
   })
   return arr3
 }
@@ -816,6 +831,13 @@ function extract_info(data) {
   // search_data['algorithm'] = data.match(/\WBase64\.encode\(|\WBase64\.decode\(|\Wbtoa\(|\Watob\(|\WCryptoJS\.AES\.|\WCryptoJS\.DES\.|\WJSEncrypt\(|\Wrsa\.|\WKJUR\.|\W$\.md5\(|\Wmd5\(|\Wsha1\(|\Wsha256\(|\Wsha512\(/gi);
   extract_data['algorithm'] = data.match(/\W(Base64\.encode|Base64\.decode|btoa|atob|CryptoJS\.AES|CryptoJS\.DES|JSEncrypt|rsa|KJUR|$\.md5|md5|sha1|sha256|sha512)[\(\.]/gi);
   extract_data['secret'] = get_secret(data);
+  if (extract_data['url']){
+        extract_data['url'].map((url)=>{
+        extract_data['ip'] = add(extract_data['ip'], url.match(/['"](([a-zA-Z0-9]+:)?\/\/)?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/g))
+        extract_data['ip_port'] = add(extract_data['ip_port'], url.match(/['"](([a-zA-Z0-9]+:)?\/\/)?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}(\/.*?)?['"]/g))
+        extract_data['domain'] = add(extract_data['domain'], url.match(/['"](([a-zA-Z0-9]+:)?\/\/)?[a-zA-Z0-9\-\.]*?\.(xin|com|cn|net|com.cn|vip|top|cc|shop|club|wang|xyz|luxe|site|news|pub|fun|online|win|red|loan|ren|mom|net.cn|org|link|biz|bid|help|tech|date|mobi|so|me|tv|co|vc|pw|video|party|pics|website|store|ltd|ink|trade|live|wiki|space|gift|lol|work|band|info|click|photo|market|tel|social|press|game|kim|org.cn|games|pro|men|love|studio|rocks|asia|group|science|design|software|engineer|lawyer|fit|beer|我爱你|中国|公司|网络|在线|网址|网店|集团|中文网)(\:\d{1,5})?/g))
+      })
+  }
   return extract_data;
 }
 

diff --git a/content.js b/content.js
@@ -102,42 +102,42 @@ chrome.storage.local.get(["global_float"], function(settings){
     const div = document.createElement('div');
     div.setAttribute("id","findsomething-float-div");
     div.innerHTML = `
-    <findsomething-div id="neko" style="width:410px;max-height:500px;font-size:14px;color:#000000;box-shadow: 0 2px 12px 0 rgba(0,0,0,0.1) ;background-color: #fff;border-radius: 5px;border: 1px solid #ebebeb;left:20px;top:20px;position: fixed;z-index: 1000000;overflow:scroll;">
-          <findsomething-div id="neko-title" style="display: flex;justify-content: space-between;">
-            <findsomething-div id="taskstatus" style="height: 34px; line-height: 34px; margin-left: 10px;"></findsomething-div>
+    <findsomething-div id="findsomething_neko" style="width:410px;max-height:500px;font-size:14px;color:#000000;box-shadow: 0 2px 12px 0 rgba(0,0,0,0.1) ;background-color: #fff;border-radius: 5px;border: 1px solid #ebebeb;left:20px;top:20px;position: fixed;z-index: 1000000;overflow:scroll;">
+          <findsomething-div id="findsomething_neko-title" style="display: flex;justify-content: space-between;">
+            <findsomething-div id="findsomething_taskstatus" style="height: 34px; line-height: 34px; margin-left: 10px;"></findsomething-div>
             <findsomething-div style="cursor: pointer;margin-top: 2px;margin-right: 10px;" onclick='(function(){document.getElementById("findsomething-float-div").removeChild(document.getElementById("neko"));})()'>隐藏</findsomething-div>
           </findsomething-div>
             <findsomething-div style="width: 300px; margin-top: 10px;">
                 <findsomething-div class="findsomething-title">IP<button type="button" class="finsomething_copy" name="ip">复制</button></findsomething-div>
-                <findsomething-p id="ip" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">IP_PORT<button class="finsomething_copy" name="ip_port">复制</button></findsomething-div>
-                <findsomething-p id="ip_port" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">域名<button class="finsomething_copy" name="domain">复制</button></findsomething-div>
-                <findsomething-p id="domain" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">身份证<button class="finsomething_copy" name="sfz">复制</button></findsomething-div>
-                <findsomething-p id="sfz" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">手机号<button class="finsomething_copy" name="mobile">复制</button></findsomething-div>
-                <findsomething-p id="mobile" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">邮箱<button class="finsomething_copy" name="mail">复制</button></findsomething-div>
-                <findsomething-p id="mail" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">JWT<button class="finsomething_copy" name="jwt">复制</button></findsomething-div>
-                <findsomething-p id="jwt" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">算法<button class="finsomething_copy" name="algorithm">复制</button></findsomething-div>
-                <findsomething-p id="algorithm" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">Secret<button class="finsomething_copy" name="secret">复制</button></findsomething-div>
-                <findsomething-p id="secret" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">Path<button class="finsomething_copy" name="path">复制</button></findsomething-div>
-                <findsomething-p id="path" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">IncompletePath<button class="finsomething_copy" name="incomplete_path">复制</button></findsomething-div>
-                <findsomething-p id="incomplete_path" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">Url<button class="finsomething_copy" name="url">复制</button></findsomething-div>
-                <findsomething-p id="url" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
-                <findsomething-div class="findsomething-title">StaticUrl<button class="finsomething_copy" name="static">复制</button></findsomething-div>
-                <findsomething-p id="static" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-p id="findsomething_ip" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">IP_PORT<button class="findsomething_copy" name="ip_port">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_ip_port" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">域名<button class="findsomething_copy" name="domain">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_domain" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">身份证<button class="findsomething_copy" name="sfz">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_sfz" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">手机号<button class="findsomething_copy" name="mobile">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_mobile" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">邮箱<button class="findsomething_copy" name="mail">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_mail" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">JWT<button class="findsomething_copy" name="jwt">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_jwt" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">算法<button class="findsomething_copy" name="algorithm">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_algorithm" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">Secret<button class="findsomething_copy" name="secret">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_secret" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">Path<button class="findsomething_copy" name="path">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_path" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">IncompletePath<button class="findsomething_copy" name="incomplete_path">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_incomplete_path" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">Url<button class="findsomething_copy" name="url">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_url" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
+                <findsomething-div class="findsomething-title">StaticUrl<button class="findsomething_copy" name="static">复制</button></findsomething-div>
+                <findsomething-p id="findsomething_static" style="word-break:break-word;margin-left:10px;">🈚️</findsomething-p>
             </findsomething-div>
     </findsomething-div>
         <style type="text/css">
-        .finsomething_copy {
+        .findsomething_copy {
             border-style: none;
             background-color: #ffffff;
             float: right;
@@ -171,7 +171,7 @@ chrome.storage.local.get(["global_float"], function(settings){
         </style>
         `
     body.appendChild(div)
-    var neko = document.querySelector('#neko');
+    var neko = document.querySelector('#findsomething_neko');
     var nekoW = neko.offsetWidth;
     var nekoH = neko.offsetHeight;
     var cuntW = 0;
@@ -198,7 +198,7 @@ chrome.storage.local.get(["global_float"], function(settings){
         obj.style.transform = ' rotate(' + a + ')'
     }
 
-    var nekotitle = document.querySelector('#neko-title');
+    var nekotitle = document.querySelector('#findsomething_neko-title');
     nekotitle.onmousedown = function (e) {
         var nekoL = e.clientX - neko.offsetLeft;
         var nekoT = e.clientY - neko.offsetTop;
@@ -273,7 +273,7 @@ chrome.storage.local.get(["global_float"], function(settings){
 });
 
 function init_copy() {
-    var elements = document.getElementsByClassName("finsomething_copy");
+    var elements = document.getElementsByClassName("findsomething_copy");
     if (elements) {
         for (var i=0, len=elements.length|0; i<len; i=i+1|0) {
             let ele_name = elements[i].name;
@@ -309,15 +309,15 @@ function show_info(result_data) {
                 for(var i in result_data[key[k]]){
                     p = p + result_data[key[k]][i] +'\n'
                 }
-                document.getElementById(key[k]).style.whiteSpace="pre";
-                document.getElementById(key[k]).textContent=p;
+                document.getElementById("findsomething_"+key[k]).style.whiteSpace="pre";
+                document.getElementById("findsomething_"+key[k]).textContent=p;
             }
         }
     }
 }
 function get_info() {
     chrome.runtime.sendMessage({greeting: "get", current: window.location.href}, function(result_data) {
-        let taskstatus = document.getElementById('taskstatus');
+        let taskstatus = document.getElementById('findsomething_taskstatus');
         if(!taskstatus){
             return;
         }

diff --git a/manifest.json b/manifest.json
@@ -1,6 +1,6 @@
 {
   "name": "FindSomething",
-  "version": "2.0.13",
+  "version": "2.0.14",
   "manifest_version": 3,
   "description": "在网页的源代码或js中找到一些有趣的东西",  
   "permissions": [     

diff --git a/popup.html b/popup.html
@@ -63,6 +63,15 @@
         height: 16px;
         line-height: 16px;
     }
+    .tips {
+        display: inline-block;
+        border-top: 0.2px solid;
+        border-right: 0.2px solid;
+        width: 10px;
+        height: 10px;
+        border-color: #EA6000;
+        transform: rotate(-135deg);
+    }
     a{
         text-decoration:none;
         color:#333;

diff --git a/popup.js b/popup.js
@@ -58,21 +58,6 @@ function sleep (time) {
   return new Promise((resolve) => setTimeout(resolve, time));
 }
 
-// 实体编码，防止xss
-function htmlEncodeByRegExp(str) {
-    var s = '';
-    if(str.length === 0) {
-        return '';
-    }
-    s = str.replace(/&/g,'&amp;');
-    s = s.replace(/</g,'&lt;');
-    s = s.replace(/>/g,'&gt;');
-    s = s.replace(/ /g,'&nbsp;');
-    s = s.replace(/\'/g,'&#39;');
-    s= s.replace(/\"/g,'&quot;');
-    return s;
-}
-
 function show_info(result_data) {
     for (var k in key){
         if (result_data[key[k]]){
@@ -83,17 +68,20 @@ function show_info(result_data) {
             }
             container.style.whiteSpace = "pre";
             for (var i in result_data[key[k]]){
+                let tips = document.createElement("div");
+                tips.setAttribute("class", "tips")
                 let link = document.createElement("a");
-                link.textContent = result_data[key[k]][i]+'\n';
                 let source = result_data['source'][result_data[key[k]][i]];
                 if (source) {
                     //虽然无法避免被xss，但插件默认提供了正确的CSP，这意味着我们即使不特殊处理，javascript也不会被执行。
                     // source = 'javascript:console.log`1`'
                     link.setAttribute("href", source);
                     link.setAttribute("title", source);
                 }
+                link.appendChild(tips);
                 let span = document.createElement("span");
-                span.appendChild(link);
+                span.textContent = result_data[key[k]][i]+'\n';
+                container.appendChild(link);
                 container.appendChild(span);
             }
         }

diff --git a/settings.js b/settings.js
@@ -64,6 +64,13 @@ chrome.storage.local.get(["webhook_setting"], function(settings){
 	document.getElementById('headers').value = JSON.stringify(settings["webhook_setting"]['headers']);
 });
 chrome.storage.local.get(["global_float"], function(settings){
-	document.getElementById('global_float').textContent = settings["global_float"]==true ? "已打开" : "已关闭";});
+	document.getElementById('global_float').textContent = settings["global_float"]==true ? "已打开" : "已关闭";
+});
 chrome.storage.local.get(["fetch_timeout"], function(settings){
-	document.getElementById('fetch_timeout').textContent = settings["fetch_timeout"]==true ? "已打开" : "已关闭";});
+	document.getElementById('fetch_timeout').textContent = settings["fetch_timeout"]==true ? "已打开" : "已关闭";
+});
+chrome.storage.local.get(["allowlist"], function(allowlist){
+	if(allowlist && allowlist["allowlist"]){
+		document.getElementById('allowlist').textContent = allowlist["allowlist"].join('\n');
+	}
+});