Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bypass naive WebRTC blocking #8

Merged
merged 2 commits into from
Feb 5, 2015
Merged

Bypass naive WebRTC blocking #8

merged 2 commits into from
Feb 5, 2015

Conversation

upsuper
Copy link
Contributor

@upsuper upsuper commented Feb 1, 2015

This can bypass the Chrome extension "WebRTC Block".

@upsuper
Copy link
Contributor Author

upsuper commented Feb 5, 2015

Ping?

@diafygi
Copy link
Owner

diafygi commented Feb 5, 2015

Sorry for the delay, I wanted to reach out to the WebRTC Block developers and give them a few days to update their extension. However, I have not heard back, so I will merge this pull request. Thanks!

diafygi added a commit that referenced this pull request Feb 5, 2015
@diafygi
Merge pull request #8 from upsuper/patch-1
d9da4fd 
Bypass naive WebRTC blocking
@diafygi diafygi merged commit d9da4fd into diafygi:master Feb 5, 2015
@upsuper
Copy link
Contributor Author

upsuper commented Feb 5, 2015

Actually, I don't think it is possible to fix this problem in a Chrome extension.

@upsuper upsuper deleted the patch-1 branch February 5, 2015 20:37
@ghost
Copy link

ghost commented Feb 5, 2015

It appears to me that rebuilding chromium with -Denable_webrtc=0 is the real way to disable WebRTC. (haven't tested yet)

@fippo
Copy link

fippo commented Feb 9, 2015

@upsuper should be possible by adding

      "all_frames": true,
      "match_about_blank": true,

to the content_scripts section in the extension manifest. That way, the content script is executed on about:blank iframes as well.

@upsuper
Copy link
Contributor Author

upsuper commented Feb 9, 2015

@fippo I don't think so. I don't think the browser should run any other script when one piece of script is running.

@fippo
Copy link

fippo commented Feb 9, 2015

@upsuper take the webrtcblock source from chromes extension directory, modify the manifest.json as indicated, import it as your own extension. breaks the (awesome) iframe hack for me.

@upsuper
Copy link
Contributor Author

upsuper commented Feb 9, 2015

@fippo then I just need to specify iframe.sandbox = 'allow-same-origin' in addition, the content script will be bypassed again :)

@upsuper
Copy link
Contributor Author

upsuper commented Feb 9, 2015

@diafygi you probably could also add the code I just mentioned above to the detection script.

@diafygi
Copy link
Owner

diafygi commented Feb 9, 2015

Pull request please? Please update both the README.md and the index.html.

@upsuper
Copy link
Contributor Author

upsuper commented Feb 9, 2015

OK, I'll do it later. It seems I can't change two files in one commit on Github directly.

@ZimTester
Copy link

@upsuper On newest versions of Chrome iframe.sandbox = 'allow-same-origin' doesn't bypass this @fippo's way anymore, adding

   "content_scripts": [ {
      "all_frames": true,
      "match_about_blank": true,

in manifest.json is really break this webrtc-ips, tested on latest Chromium LKGR build for Win: #9662
(chrome version: 43.0.2314.0)

P.S. Also you can modify

      "matches": [ "http://*/*", "https://*/*" ],

to

      "matches": [ "http://*/*", "https://*/*", "file://*/*" ],

for a quick local check / for blocking from local host(s) files too.

@ZimTester ZimTester mentioned this pull request Feb 25, 2015
Merged
@Piseth6655
Copy link

cf559b5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@upsuper @diafygi @fippo @ZimTester @Piseth6655