Stop Nefarious Redirects

Block unauthorized redirects and prevent history manipulation

当前为 2024-05-25 提交的版本,查看 最新版本

  1. // ==UserScript==
  2. // @name Stop Nefarious Redirects
  3. // @namespace http://tampermonkey.net/
  4. // @version 4.0
  5. // @description Block unauthorized redirects and prevent history manipulation
  6. // @match http://*/*
  7. // @match https://*/*
  8. // @grant GM_setValue
  9. // @grant GM_getValue
  10. // @grant GM_xmlhttpRequest
  11. // @license MIT
  12. // @run-at document-start
  13. // ==/UserScript==
  14.  
  15. (function() {
  16. 'use strict';
  17.  
  18. console.log('Script initialization started.');
  19.  
  20. // Manual blacklist
  21. const manualBlacklist = new Set([
  22. 'getrunkhomuto.info'
  23. ]);
  24.  
  25. // List of allowed popups domains
  26. const allowedPopups = [
  27. '500px.com', 'accuweather.com', 'adobe.com', 'adulttime.com', 'alibaba.com', 'amazon.com', 'amazonaws.com',
  28. 'amd.com', 'americanexpress.com', 'anaconda.com', 'angular.io', 'ap.org', 'apache.org', 'apnews.com',
  29. 'apple.com', 'arstechnica.com', 'artstation.com', 'asana.com', 'asus.com', 'atlassian.com', 'autodesk.com',
  30. 'axios.com', 'battle.net', 'bbc.co.uk', 'bbc.com', 'behance.net', 'bestbuy.com', 'bing.com', 'bitbucket.org',
  31. 'blogger.com', 'bloomberg.com', 'bmw.com', 'boeing.com', 'booking.co.uk', 'booking.com', 'bootstrapcdn.com',
  32. 'breitbart.com', 'buzzfeed.com', 'canva.com', 'capitalone.com', 'cbsnews.com', 'character.ai', 'chase.com',
  33. 'chaturbate.com', 'cisco.com', 'citi.com', 'cnbc.com', 'cnet.com', 'cnn.com', 'codecademy.com', 'constantcontact.com',
  34. 'coursera.org', 'craigslist.org', 'dailymail.co.uk', 'dell.com', 'deviantart.com', 'discord.com', 'disney.com',
  35. 'django.com', 'docker.com', 'docusign.com', 'dribbble.com', 'dropbox.com', 'duckduckgo.com', 'duolingo.com',
  36. 'duosecurity.com', 'ebay.com', 'economist.com', 'edx.org', 'elsevier.com', 'engadget.com', 'epicgames.com',
  37. 'eporner.com', 'espn.com', 'etsy.com', 'eurogamer.net', 'expedia.com', 'facebook.com', 'fandom.com', 'fedex.com',
  38. 'figma.com', 'finance.yahoo.com', 'flickr.com', 'flipkart.com', 'forbes.com', 'foxnews.com', 'framer.com',
  39. 'freecodecamp.org', 'gamespot.com', 'gartner.com', 'gettyimages.com', 'git-scm.com', 'github.com', 'gizmodo.com',
  40. 'go.com', 'godaddy.com', 'gog.com', 'goldmansachs.com', 'google.com', 'healthline.com', 'hilton.com', 'homedepot.com',
  41. 'hp.com', 'hubspot.com', 'huffpost.com', 'hulu.com', 'humblebundle.com', 'ibm.com', 'ieee.org', 'ifixit.com',
  42. 'ign.com', 'ikea.com', 'imdb.com', 'imgur.com', 'indeed.com', 'instagram.com', 'instructure.com', 'intel.com',
  43. 'intuit.com', 'invisionapp.com', 'itch.io', 'java.com', 'jetbrains.com', 'joomla.org', 'jquery.com', 'khanacademy.org',
  44. 'kotaku.com', 'kotlinlang.org', 'laravel.com', 'lenovo.com', 'lg.com', 'lifehacker.com', 'linkedin.com', 'live.com',
  45. 'lowes.com', 'lynda.com', 'macys.com', 'mailchimp.com', 'marriott.com', 'mashable.com', 'masterclass.com',
  46. 'mcdonalds.com', 'medium.com', 'mercedes-benz.com', 'microsoft.com', 'microsoftonline.commit.edu', 'mongodb.com',
  47. 'moodle.org', 'mozilla.org', 'msn.com', 'msnbc.com', 'nasa.gov', 'nationalgeographic.com', 'nbc.com', 'nbcnews.com',
  48. 'netflix.com', 'new.reddit.com', 'nextdoor.com', 'nih.gov', 'npr.org', 'nvidia.comnypost.com', 'nytimes.com',
  49. 'office.com', 'okta.com', 'onlyfans.com', 'openai.com', 'oracle.com', 'oreilly.com', 'origin.com', 'outlook.com',
  50. 'overstock.com', 'patreon.com', 'paypal.com', 'pcgamer.com', 'pexels.com', 'php.net', 'pinterest.com', 'pixabay.com',
  51. 'pluralsight.com', 'polygon.com', 'pornhub.com', 'python.org', 'quizlet.com', 'quora.com', 'reactjs.org', 'realtor.com',
  52. 'reddit.com', 'redhat.com', 'roblox.com', 'rubyonrails.org', 'salesforce.com', 'samsung.co.kr', 'samsung.com',
  53. 'sap.com', 'sciencedirect.com', 'scopus.com', 'sears.com', 'sharepoint.com', 'shutterstock.com', 'siemens.com',
  54. 'sketch.com', 'skillshare.com', 'skype.com', 'slack.com', 'sony.com', 'soundcloud.com', 'spotify.com', 'spring.io',
  55. 'stackoverflow.com', 'steamcommunity.com', 'steampowered.com', 'surveymonkey.com', 'symantec.com', 'target.com',
  56. 'techcrunch.com', 'temu.com', 'tesla.com', 'texasinstruments.com', 'theguardian.com', 'thenextweb.com', 'theverge.com',
  57. 'tiktok.com', 'time.com', 'toyota.com', 'trello.com', 'trip.com', 'tripadvisor.com', 'tumblr.com', 'twitch.tv',
  58. 'twitter.com', 'uber.com', 'ucla.edu', 'ucsf.edu', 'udemy.com', 'unity.com', 'unsplash.com', 'ups.com', 'usatoday.com',
  59. 'usnews.com', 'usps.com', 'verizon.com', 'Vice.com', 'vice.com', 'vimeo.com', 'vk.com', 'vmware.com', 'volkswagen.com',
  60. 'vox.com', 'walmart.com', 'washingtonpost.com', 'weather.com', 'weather.gov', 'webmd.com', 'whatsapp.com', 'wikimedia.org',
  61. 'wikipedia.org', 'wired.com', 'wordpress.com', 'wsj.com', 'wunderground.com', 'x.com', 'xerox.com', 'xfinity.com',
  62. 'xhamster.com', 'xilinx.com', 'xnxx.com', 'xvideos.com', 'yahoo.com', 'yelp.com', 'youtube.com', 'zapier.com', 'zendesk.com',
  63. 'zeplin.iozillow.com', 'zoom.us'
  64. ];
  65.  
  66. // Function to get the current automated blacklist
  67. function getAutomatedBlacklist() {
  68. return new Set(GM_getValue('blacklist', []));
  69. }
  70.  
  71. // Function to add a URL to the automated blacklist
  72. function addToAutomatedBlacklist(url) {
  73. let encodedUrl = encodeURIComponent(url);
  74. let blacklist = getAutomatedBlacklist();
  75. if (!blacklist.has(encodedUrl)) {
  76. blacklist.add(encodedUrl);
  77. GM_setValue('blacklist', Array.from(blacklist));
  78. console.log('Added to automated blacklist:', url);
  79. }
  80. }
  81.  
  82. // Function to display the blacklist
  83. function displayBlacklist() {
  84. let automatedBlacklist = getAutomatedBlacklist();
  85. let fullBlacklist = new Set([...manualBlacklist, ...automatedBlacklist]);
  86. console.log('Current Blacklist:\n' + Array.from(fullBlacklist).map(decodeURIComponent).join('\n'));
  87. alert('Current Blacklist:\n' + Array.from(fullBlacklist).map(decodeURIComponent).join('\n'));
  88. }
  89.  
  90. // Function to handle navigation events
  91. function handleNavigation(url) {
  92. try {
  93. if (!isUrlAllowed(url)) {
  94. console.error('Blocked navigation to:', url);
  95. addToAutomatedBlacklist(url); // Add the unauthorized URL to the automated blacklist
  96. if (lastKnownGoodUrl) {
  97. window.location.replace(lastKnownGoodUrl);
  98. }
  99. return false;
  100. } else {
  101. console.log('Navigation allowed to:', url);
  102. lastKnownGoodUrl = url;
  103. return true;
  104. }
  105. } catch (error) {
  106. console.error('Error in handleNavigation:', error);
  107. }
  108. }
  109.  
  110. // Save the original assign and open methods
  111. const originalAssign = window.location.assign.bind(window.location);
  112. const originalOpen = window.open;
  113.  
  114. console.log('Original window.location.assign and window.open saved.');
  115.  
  116. // Override the assign method to monitor and control redirects
  117. window.location.assign = function(url) {
  118. console.log('Redirect attempt detected:', url);
  119. if (!allowedPopups.some(domain => url.includes(domain)) && !handleNavigation(url)) {
  120. console.log('Redirect to undesired domain blocked:', url);
  121. return; // Block the redirect
  122. }
  123. console.log('Redirect allowed to:', url);
  124. return originalAssign(url);
  125. };
  126.  
  127. console.log('window.location.assign overridden with custom logic.');
  128.  
  129. // Override window.open to control popup behavior
  130. window.open = function(url, name, features) {
  131. console.log('Popup attempt detected:', url);
  132. if (allowedPopups.some(domain => url.includes(domain))) {
  133. console.log('Popup allowed for:', url);
  134. return originalOpen(url, name, features); // Allow popup
  135. }
  136. console.log('Blocked a popup from:', url);
  137. return null; // Block the popup
  138. };
  139.  
  140. console.log('window.open overridden with custom logic.');
  141.  
  142. // Proxy to intercept and handle location changes
  143. let lastKnownGoodUrl = window.location.href;
  144. let navigationInProgress = false;
  145.  
  146. const locationProxy = new Proxy(window.location, {
  147. set(target, prop, value) {
  148. if ((prop === 'href' || prop === 'assign' || prop === 'replace') && !navigationInProgress) {
  149. if (!handleNavigation(value)) {
  150. return false;
  151. }
  152. }
  153. return Reflect.set(target, prop, value);
  154. },
  155. get(target, prop) {
  156. if (prop === 'assign' || prop === 'replace') {
  157. return function(url) {
  158. if (!navigationInProgress && handleNavigation(url)) {
  159. navigationInProgress = true;
  160. setTimeout(() => {
  161. navigationInProgress = false;
  162. }, 0);
  163. return target[prop].call(target, url);
  164. }
  165. };
  166. }
  167. return Reflect.get(target, prop);
  168. }
  169. });
  170.  
  171. // Replace window.location with the proxy
  172. Object.defineProperty(window, 'location', {
  173. configurable: true,
  174. enumerable: true,
  175. get() {
  176. return locationProxy;
  177. }
  178. });
  179.  
  180. // Enhanced navigation control for back/forward buttons
  181. window.addEventListener('popstate', function(event) {
  182. if (!navigationInProgress && !isUrlAllowed(window.location.href)) {
  183. console.error('Blocked navigation to:', window.location.href);
  184. navigationInProgress = true;
  185. setTimeout(() => {
  186. navigationInProgress = false;
  187. }, 0);
  188. history.pushState(null, "", lastKnownGoodUrl); // Push the last known good URL
  189. window.location.replace(lastKnownGoodUrl); // Force redirect to last known good URL
  190. event.preventDefault();
  191. }
  192. });
  193.  
  194. // Function to handle history manipulation
  195. function handleHistoryManipulation(originalMethod, data, title, url) {
  196. if (!isUrlAllowed(url)) {
  197. console.error('Blocked history manipulation to:', url);
  198. return;
  199. }
  200. return originalMethod.call(history, data, title, url);
  201. }
  202.  
  203. // Wrap history.pushState and history.replaceState
  204. const originalPushState = history.pushState;
  205. const originalReplaceState = history.replaceState;
  206.  
  207. history.pushState = function(data, title, url) {
  208. return handleHistoryManipulation(originalPushState, data, title, url);
  209. };
  210.  
  211. history.replaceState = function(data, title, url) {
  212. return handleHistoryManipulation(originalReplaceState, data, title, url);
  213. };
  214.  
  215. // Ensure we have a state to go back to if needed
  216. if (history.length === 1) {
  217. // Directly landed on this page, fake history
  218. history.replaceState(null, "", "/");
  219. history.pushState(null, "", window.location.href);
  220. }
  221.  
  222. // Function to check if a URL is allowed based on the blacklist
  223. function isUrlAllowed(url) {
  224. let encodedUrl = encodeURIComponent(url);
  225. let automatedBlacklist = getAutomatedBlacklist();
  226. let isBlocked = Array.from(manualBlacklist).some(blockedUrl => encodedUrl.includes(blockedUrl)) ||
  227. Array.from(automatedBlacklist).some(blockedUrl => encodedUrl.includes(blockedUrl));
  228. if (isBlocked) {
  229. console.log(`Blocked URL: ${url}`);
  230. }
  231. return !isBlocked;
  232. }
  233.  
  234. console.log('Redirect control script with blacklist initialized.');
  235. })();