Bypass Enhanced Tracking Protection
Load the abs.twimg.com script in the sandbox, which does not run into the
Firefox built-in blocker, I'm guessing because its JS world is considered
part of the twitter.com page and thus allowed to bypass the twitter.com
blocker or some shit idk
tbodt committed Sep 1, 2024
1 parent c6ad6fc commit 7ea802a
Showing 2 changed files with 22 additions and 21 deletions.
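--- a/sandbox.html
+++ b/sandbox.html
@@ -22,17 +22,35 @@
 let data = event.data;
 if (data.action === 'init') {
 try {
+let url = `https://abs.twimg.com/responsive-web/client-web/ondemand.s.${data.challengeCode}a.js`
+let challengeData;
+try {
+challengeData = await fetch(url).then(res => res.text());
+} catch(e) {
+await sleep(500);
+try {
+challengeData = await fetch(url).then(res => res.text());
+} catch(e) {
+await sleep(1000);
+try {
+challengeData = await fetch(url).then(res => res.text());
+} catch(e) {
+throw new Error('Failed to fetch challenge data: ' + e);
+}
+}
+}
+
 let animsDiv = document.getElementById('anims');
 for(let anim of data.anims) {
 animsDiv.innerHTML += `\n${anim}`;
 }
 let verif = document.querySelector('meta[name="twitter-site-verification"]');
 verif.content = data.verificationCode;
 let headerRegex = /(\d+):(.+)=>.+default:\(\)=>(\w).+,\w\(\d+\)\;/;
-let headerMatch = data.code.match(headerRegex);
+let headerMatch = challengeData.match(headerRegex);
 if(!headerMatch) {
 console.error('Uh oh, header not found!! Report to https://github.com/dimdenGD/OldTwitter/issues');
-event.source.postMessage({action: 'initError', error: `Header not found at ${data.challengeCode} (${String(data.code).slice(0, 500)}...)`}, event.origin);
+event.source.postMessage({action: 'initError', error: `Header not found at ${data.challengeCode} (${String(challengeData).slice(0, 500)}...)`}, event.origin);
 initError = true;
 return;
 }
@@ -41,7 +59,7 @@
 // It only ever executes code from trusted Twitter domain, abs.twimg.com (specifically their script that generates security headers)
 // It's impossible to have it contained in extension itself, since it's generated dynamically
 // you can see where script is loaded in scripts/twchallenge.js
-eval(data.code.replace(headerRegex, '$1:$2=>{window._CHALLENGE=()=>$3;'));
+eval(challengeData.replace(headerRegex, '$1:$2=>{window._CHALLENGE=()=>$3;'));
 let id = headerMatch[1];
 webpackChunk_twitter_responsive_web[0][1][id]();
 solver = window._CHALLENGE()();
@@ -85,4 +103,4 @@
 });
 </script>
 </body>
-</html>
+</html>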
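Review bot: `data.challengeCode` arrives over postMessage and is interpolated into the abs.twimg.com URL whose response is later passed to `eval`, but the sandbox never checks its shape; the sender extracts it with `\w+`, so mirroring that with `if (!/^\w+$/.test(data.challengeCode)) throw new Error('Invalid challenge code');` before the URL is built keeps the fetch pinned to the intended path. Whether the message handler checks `event.origin` or `event.source` is not visible, because the listener starts outside these hunks. The retries only fire on rejected fetches, so a 4xx/5xx body goes straight to the header regex; `.then(res => { if (!res.ok) throw new Error('HTTP ' + res.status); return res.text(); })` would let the back-off cover that case too. The comment above the `eval` still says the script is loaded in scripts/twchallenge.js, which this commit makes untrue; it should point at the fetch in this file.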
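--- a/scripts/twchallenge.js
+++ b/scripts/twchallenge.js
@@ -149,22 +149,6 @@ async function initChallenge() {
 let anims = Array.from(dom.querySelectorAll('svg[id^="loading-x"]')).map(svg => svg.outerHTML);
 
 let challengeCode = homepageData.match(/"ondemand.s":"(\w+)"/)[1];
-let challengeData;
-try {
-challengeData = await _fetch(`https://abs.twimg.com/responsive-web/client-web/ondemand.s.${challengeCode}a.js`).then(res => res.text());
-} catch(e) {
-await sleep(500);
-try {
-challengeData = await _fetch(`https://abs.twimg.com/responsive-web/client-web/ondemand.s.${challengeCode}a.js`).then(res => res.text());
-} catch(e) {
-await sleep(1000);
-try {
-challengeData = await _fetch(`https://abs.twimg.com/responsive-web/client-web/ondemand.s.${challengeCode}a.js`).then(res => res.text());
-} catch(e) {
-throw new Error('Failed to fetch challenge data: ' + e);
-}
-}
-}
 
 OLDTWITTER_CONFIG.verificationKey = verificationKey;
 
@@ -173,7 +157,6 @@ async function initChallenge() {
 if(!solverIframe || !solverIframe.contentWindow) return setTimeout(sendInit, 50);
 solverIframe.contentWindow.postMessage({
 action: 'init',
-code: challengeData,
 challengeCode,
 anims,
 verificationCode: OLDTWITTER_CONFIG.verificationKey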
