diff --git a/README.md b/README.md
index f59bce7..8b07cc8 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # node-iframe
-[![j-mendez](https://circleci.com/gh/j-mendez/node-iframe.svg?style=svg)](https://circleci.com/gh/j-mendez/node-iframe)
+[![a11ywatch](https://circleci.com/gh/a11ywatch/node-iframe.svg?style=svg)](https://circleci.com/gh/a11ywatch/node-iframe)
 create iframes to bypass security issues on your server with node.js can also be used in a browser
diff --git a/package-lock.json b/package-lock.json
index 7b2d24d..18ac345 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,15 +1,16 @@ { "name": "node-iframe", - "version": "1.8.0", + "version": "1.9.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "node-iframe", - "version": "1.8.0", + "version": "1.9.1", "license": "MIT", "dependencies": { - "cheerio": "^1.0.0-rc.3" + "cheerio": "^1.0.0-rc.3", + "follow-redirects": "^1.15.2" }, "devDependencies": { "@swc/core": "^1.2.205",
@@ -3161,6 +3162,25 @@ "node": ">=8" } }, + "node_modules/follow-redirects": { + "version": "1.15.2", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", + "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, "node_modules/for-in": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz",
@@ -9640,6 +9660,11 @@ "path-exists": "^4.0.0" } }, + "follow-redirects": { + "version": "1.15.2", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", + "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==" + }, "for-in": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz",
diff --git a/package.json b/package.json
index 6b5f9d7..56303b4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "node-iframe",
- "version": "1.8.9",
+ "version": "1.9.1",
 "description": "create iframes on your server to bypass CORS. Reverse engineer security issues.",
 "main": "dist/iframe.js",
 "scripts": {
@@ -9,7 +9,7 @@
 },
 "repository": {
 "type": "git",
- "url": "git+https://github.com/j-mendez/node-iframe.git"
+ "url": "git+https://github.com/a11ywatch/node-iframe.git"
 },
 "keywords": [
 "node-iframe",
@@ -20,7 +20,8 @@
 "author": "Jeff Mendez ",
 "license": "MIT",
 "dependencies": {
- "cheerio": "^1.0.0-rc.3"
+ "cheerio": "^1.0.0-rc.3",
+ "follow-redirects": "^1.15.2"
 },
 "devDependencies": {
 "@swc/core": "^1.2.205",
diff --git a/src/fetch.ts b/src/fetch.ts
index 934ee62..21787d1 100644
--- a/src/fetch.ts
+++ b/src/fetch.ts
@@ -2,29 +2,14 @@ let fetcher:
 // @ts-ignore
 | typeof global.fetch
 | ((url: string, options: Record) => Promise);
-let https;
-let http;
-
 if (!fetcher) {
+
 (async () => {
 if (process) {
- // load https module
- if (!https) {
- try {
- https = await import("https");
- } catch (e) {
- console.error("https support is disabled!");
- }
- }
-
- // load http modules
- if (!http) {
- try {
- http = await import("http");
- } catch (e) {
- console.error("http support is disabled!");
- }
- }
+ const followRedirects = require('follow-redirects');
+ followRedirects.maxRedirects = 4;
+ const http = followRedirects.http;
+ const https = followRedirects.https;
 const getHttp = (url: string) =>
 url.startsWith("https://") ? https : http;
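Review bot: `followRedirects.maxRedirects = 4;` overwrites the module-wide default of follow-redirects, so any other code in the same process that uses the library inherits this limit, and the new transport follows every hop without looking at where it leads. Because this package fetches caller-supplied URLs on the server, a URL the caller has vetted can now end up on a different host, or move from https to http, before the body is returned. I would scope the policy to the request instead, for example `fetchOptions = { ...fetchOptions, maxRedirects: 4, beforeRedirect: checkHop };`, where `checkHop` (a placeholder name) throws for hosts or protocols the caller has not approved. `fetchOptions` is built in the next hunk, so the enclosing function is only partly visible here.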
@@ -34,8 +19,7 @@ if (!fetcher) {
 options?: {
 headers?: Record;
 agent?: string | (() => string);
- },
- retry?: number
+ }
 ) => {
 const { agent, headers } = options ?? {};
 let fetchOptions = {};
@@ -62,9 +46,6 @@ if (!fetcher) {
 httpMethod
 .get(url, fetchOptions, (res) => {
- if((res.statusCode === 301 || res.statusCode === 302) && retry) {
- return get(res.headers.location, options, --retry)
- }
 res.setEncoding("utf8");
 res.on("data", (d) => {
diff --git a/src/iframe.ts b/src/iframe.ts
index 74f2504..6c5d566 100644
--- a/src/iframe.ts
+++ b/src/iframe.ts
@@ -79,13 +79,13 @@ function configureAgent() {
 }
 // NOTE: control type like wappalyzer for usage only on websites that use specefic frameworks like old versions of react, angular, vue, and etc
-const mutateSource = async ({ src = "", key }, url, $html, headers, retry) => {
+const mutateSource = async ({ src = "", key }, url, $html, headers) => {
 if (src && src[0] === "/") {
 try {
 const res = await fetcher(`${url}/${src}`, {
 headers,
 agent,
- }, retry);
+ });
 if (res) {
 const source = typeof process !== "undefined" ? res : await res.text();
@@ -109,7 +109,7 @@ function renderErrorHtml({ url, server, noPage = false }) {
 }
 async function renderHtml(
- { url, baseHref, config, head = {}, retry },
+ { url, baseHref, config, head = {} },
 server = false
 ) {
 if (!url) {
@@ -135,8 +135,7 @@ async function renderHtml(
 response = await fetcher(url, {
 headers: head,
 agent,
- },
- retry);
+ });
 } catch (e) {
 console.error(e);
 }
@@ -179,7 +178,7 @@ async function renderHtml(
 for (const com of inlineMutations) {
 const { key, attribute, src } = com;
 const element = `${key}[${attribute}="${src}"]`;
- await mutateSource({ key: element, src }, url, $html, headers, retry);
+ await mutateSource({ key: element, src }, url, $html, headers);
 $html(element).removeAttr(attribute);
 }
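Review bot: In src/fetch.ts (`@@ -34,8 +19,7 @@`), removing `retry?: number` from `get` takes away the only control callers had over redirects: the branch deleted in the following hunk followed a 301/302 only when `retry` was truthy, while the new transport follows redirects on every call. The same parameter is dropped from `mutateSource` and `renderHtml` in src/iframe.ts, so callers that still pass `retry` have it ignored without any signal. Consider keeping an option and mapping it onto the request in `fetchOptions`, e.g. `followRedirects: Boolean(retry), maxRedirects: retry ?? 0,`, or state in the README and changelog that redirect following is now always on. The body of `get` continues outside these hunks.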