overwrite.js
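// Source text of the page-context script that replaces navigator.credentials.get
// and navigator.credentials.create. It is held as a string because it is later
// placed into a <script> element so that it runs in the page's own JavaScript
// context rather than in the content script's.
//
// Security notes for maintainers:
// - The page side accepts any window message tagged "fromContentScript" whose
//   source is the same window. Any script running in the page can post such a
//   message, and replies carry no request identifier, so the first tagged
//   message settles every call that is pending at that moment.
// - The returned promise never rejects; if no reply arrives it stays pending.
// - NOTE(review): page scripts that captured the native methods before this
//   code runs keep the native implementation — presumably the content script is
//   registered at document_start; confirm in the manifest.
var code = `
(function () {
  // Post the WebAuthn options to the content script, then wait for its reply.
  function forwardToExtension(kind, opts) {
    window.postMessage([opts, "fromWebsite", kind], origin);
    return new Promise(function (resolve) {
      function onReply(event) {
        if (event.source === window && event.data && event.data[1] === "fromContentScript") {
          // Stop listening once answered so that listeners do not pile up
          // across repeated calls.
          window.removeEventListener("message", onReply);
          console.log("Received message from content script." + JSON.stringify(event.data));
          resolve(event.data[0]);
        }
      }
      window.addEventListener("message", onReply);
    });
  }

  // intercept webauthn credentials.get and forward to FeIDo extension
  navigator.credentials.get = async function (opts) {
    console.log("Intercepted navigator.credentials.get().");
    return forwardToExtension("credentials.get", opts);
  };

  // intercept webauthn credentials.create and forward to FeIDo extension
  navigator.credentials.create = async function (opts) {
    console.log("Intercepted navigator.credentials.create().");
    return forwardToExtension("credentials.create", opts);
  };
})();
`;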
// Run the override source inside the website: build an inline <script> element
// whose text is `code`, attach it to the document so it executes, then detach it.
// NOTE(review): a strict page Content-Security-Policy may refuse inline script
// elements in some browsers, in which case the overrides are silently not
// installed — verify on the target browser.
var script = Object.assign(document.createElement('script'), { textContent: code });
if (document.head) {
  document.head.appendChild(script);
} else {
  // No <head> yet: fall back to the root element.
  document.documentElement.appendChild(script);
}
// The element is only a vehicle for running the code; it is not left in the DOM.
script.remove();
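// listen for postMessage from website and forward to background script
//
// Everything in event.data is supplied by the page and must be treated as
// untrusted. Only same-window messages shaped like [opts, "fromWebsite", type]
// are considered, and type must be one of the two WebAuthn calls the injected
// code forwards; anything else is dropped rather than passed to the extension.
// NOTE(review): "origin" is filled in by this content script; the background
// script should still check it against the sender information the browser
// attaches to the message (e.g. sender.url) rather than rely on it alone —
// confirm how the background script uses this field.
window.addEventListener("message", function(event) {
  const message = event.data;
  if (event.source !== window || !Array.isArray(message) || message[1] !== "fromWebsite") {
    return;
  }
  const requestType = message[2];
  if (requestType !== "credentials.get" && requestType !== "credentials.create") {
    console.warn("Ignoring page message with unexpected request type.");
    return;
  }
  console.log("Forwarding navigator." + requestType + " to background script.");
  browser.runtime.sendMessage({"opts": message[0], "type": requestType, "origin": origin})
    .catch(function(error) {
      // Surface delivery failures instead of leaving an unhandled rejection.
      console.error("Forwarding to background script failed: " + error);
    });
});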
// Relay messages from the extension back into the page: every message received
// through browser.runtime.onMessage is wrapped as [message, "fromContentScript"]
// and posted to the window, where the injected override code is listening.
// The message is forwarded as received, with no filtering by type. Passing
// `origin` as the target origin restricts delivery to a document of that origin.
browser.runtime.onMessage.addListener((reply) => {
  const logLine = "Recevied sendMessage from background script: " + reply;
  console.log(logLine);
  const envelope = [reply, "fromContentScript"];
  window.postMessage(envelope, origin);
});