All geek questions in one place

User discovery with hola extension

I want to know if hola users use the best internet to browse my site. Hola! This extension uses a peer-to-peer network so that users can view them from different countries. However, I am worried that some bots use this plugin as a proxy. From what I read, it doesn't send the X-FORWARDED-FOR header and doesn't seem to declare itself in navigator.plugins - checked with panopticlick . This seems like a huge security issue, as there are 42 million users in this plugin.

I see how people use it to see netflix from other countries, I think they would like to stop it too.

How to identify users who use this plugin?

- EDIT -

Also, see this - luminati.io - which seems to be the biggest rental botnet in the world ... I can't see how they can't figure it out with Google, but it seems like a big security risk on any site in The internet.

+6
source share
2 answers

Looking at the source code of the plugin, there is the following:

 function hola_ext_present(){ // Only <html> is present at document_start time, use it as a // storage to communicate presence of extension to web page. document.documentElement.setAttribute('hola_ext_present', 'true'); }

so basically something like:

 document.documentElement.getAttribute('hola_ext_present');

will tell you if he is present or not.

+2
source

I know that this needs to be done on the server side, but what I can think of now does it on the client side, since hola, upon successful loading, creates an attribute in the html tag called hola_ext_inject .

So using jquery:

 $(function() { var hola_inject = $('html').attr('hola_ext_inject'); if (typeof hola_inject !== typeof undefined && hola_inject !== false) { console.log('plugin exist'); } });
+1
source

Source: https://habr.com/ru/post/984124/

More articles:


All Articles