Block specific browser without using User-Agent - javascript

React app. I want to block a specific browser (Kiwi Mobile) from my site. But I can't use the User-Agent header, because people who use the site also use a Chrome extension which changes the User-Agent in requests. So, are there any other ways to get browser info?
I tried to detect the extension, but it works like a VPN extension: it intercepts requests and then sends changed data to my servers. I blocked the extension's IP in Cloudflare, but that worked only for a week; then they started using proxy servers, and detecting all proxy servers is nearly impossible.
I need to block this browser in the React app (just not load the page if it is the Kiwi browser). Or maybe block it with Cloudflare, if that's possible.

Related

Chrome extension run before page load

I have an idea for a Chrome extension that acts as a "kill switch" on the connection to specified domains before the connection is established. The core idea is that I use a PAC proxy in Chrome to assign proxies to domains; while browsing, I don't want to access, let's say, facebook.com with my real IP address, but only with the proxy IP, and in case the PAC script doesn't work, I want to have a backup. So I need to run the extension script before the load, not on document_start. Is that possible? (If it's not possible, I want to try another way, like using an OS-level firewall or something, which should work. But I prefer the Chrome level, since while I don't want to access facebook.com on Chrome profile A with the bare IP, I may want to access facebook.com on Chrome profile B with the bare IP.)

How to redirect webServer to Chrome browser by trigger- Javascript

I'm creating a product (webServer). That product provides a Wi-Fi hotspot. If you connect to that hotspot, the webServer opens automatically in the default browser. On some mobiles, it opens in the WEB UI browser (it's not an installed browser). Our webServer works better in Google Chrome or any other mainstream browser, so is there any possibility to redirect to the Chrome browser by some trigger, or any possibility to open the server only in the Chrome browser?
It's not possible to open a specific browser of a system. The reason is that you are requesting the system to handle a scheme (like http://, https://, ftp:// or file://) and the system will decide how to handle this. For http:// and https:// it's (most of the time) the browser defined by the user.
In addition, Chrome might not be available on every device requesting your server.

How can I bypass CORS security in a browser?

I have a Javascript application running in a browser, and I want to access some data sitting in a server that can't enable CORS.
It's not a testing application, is meant for the end-user, even if a little techy one.
I considered:
PHP Proxy: Not appropriate. The server on the other side makes decisions about IP geolocation.
Java/SilverLight: Unfortunately my #1 target is Chrome
JSON: Not available
What are my options?
Please notice that I'm not trying to make any malicious application: if the user needs to approve or allow me to make this request, that is totally fine.
You are trying to do exactly what the Same Origin Policy is designed to prevent (and what CORS is designed to allow the server to permit).
Your options are:
Find a way to work with whomever controls the server
Get the users to download and install software which isn't subject to the Same Origin Policy (such as a stand-alone application or a browser extension).
You need to ask your users to install a Chrome extension to overcome CORS. I used to use it while developing Ionic apps and testing on Chrome.
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en
https://chrome.google.com/webstore/detail/cors-toggle/omcncfnpmcabckcddookmnajignpffnh?hl=en

Embedded Devices - Javascript Debugging

I work on embedded devices but am not able to install any software on them (e.g. programs like gdbserver are out). I need to monitor javascript events on those browsers. For example, if we run a web app on the EWB, the device it's on might have a keyboard pop-up. I need a way to see what triggers this event.
I am thinking along the lines of perhaps embedding something into the HTML or JavaScript that automatically reports any events back to a workstation somewhere. (I already have logs, but they are not live and it's difficult to pinpoint what happens - even beartailing them... wish I could have something like Firebug, but since it's embedded I can't.)
Has anyone seen anything along those lines?
To get a debug connection to a web app or page running on a remote device:
Install vorlon using npm
Download ngrok
Start the vorlon server, the server port will probably be localhost:1337 and the following steps assume this
From a terminal/command prompt run ngrok with ngrok http 1337 and it should report an ip address for the other end of the tunnel, something like def01234.ngrok.io available via http and https.
Instead of the local script tag which vorlon suggests, use the remote ngrok address, e.g. <script src="https://def01234.ngrok.io/vorlon.js"></script>. ngrok exposes both http and https - as this is over the public internet I would strongly recommend using a secure connection.
Log onto the vorlon server on your local machine.
If the above test works you are going to want to do two more things:
Get an account at ngrok (or an alternative secure tunnel service) to get a fixed address.
Configure vorlon authentication according to the instructions on this page. By default it is insecure so ANYBODY with the exposed ngrok address could log onto the dashboard and mess with your embedded devices.
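An added example, not part of the original answer or of Vorlon's own code: a Node.js pre-flight check for the two cautions in the steps above (load vorlon.js over https, enable dashboard authentication before exposing the tunnel). The `activateAuth`, `username` and `password` keys are assumed from Vorlon's `config.json` and should be verified against the installed version; the function name and both sample inputs are constructed for illustration.

```javascript
// Pre-flight audit before exposing a Vorlon dashboard through a public tunnel.
// Assumption: Vorlon's config.json carries activateAuth / username / password.
function auditVorlonExposure(configText, pageHtml) {
  const findings = [];
  // Tolerate a UTF-8 BOM at the start of the config file.
  const config = JSON.parse(configText.replace(/^\uFEFF/, ""));

  if (config.activateAuth !== true) {
    findings.push("dashboard authentication is disabled");
  } else if (!config.username || !config.password) {
    findings.push("authentication is enabled but username or password is empty");
  }

  // Every <script> that loads vorlon.js must use an absolute https:// URL,
  // otherwise the debug script travels the public internet in clear text.
  const scriptSrc = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let match;
  while ((match = scriptSrc.exec(pageHtml)) !== null) {
    const src = match[1];
    if (!/\/vorlon\.js(\?|$)/.test(src)) continue; // unrelated script
    if (!/^https:\/\//i.test(src)) {
      findings.push(`vorlon.js is not loaded over https: ${src}`);
    }
  }
  return findings;
}

// Constructed sample inputs: an unauthenticated config with an http script
// tag, then the hardened equivalent.
const weakConfig = '{"activateAuth": false, "username": "", "password": ""}';
const weakPage =
  '<html><head><script src="http://def01234.ngrok.io/vorlon.js"></script></head></html>';

const hardenedConfig =
  '{"activateAuth": true, "username": "debug", "password": "placeholder-long-random-value"}';
const hardenedPage =
  '<html><head><script src="https://def01234.ngrok.io/vorlon.js"></script></head></html>';

console.log(auditVorlonExposure(weakConfig, weakPage));
console.log(auditVorlonExposure(hardenedConfig, hardenedPage));
```

An empty result only means these two settings look right; it does not prove the dashboard actually rejects unauthenticated requests.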

Chrome Apps like Advanced Rest Client can set the Referrer header while websites can't

Chrome Apps like Advanced Rest Client and PostMan etc. can successfully set the Referrer header of an Ajax request, whereas websites are not allowed to and the browser resets it before sending the request. Why and how are the Chrome apps and extensions allowed to do that and not the websites?
An extension is a piece of software that has to be installed by the owner of the browser. It is trusted.
JavaScript running on a website only needs the owner to visit the website in order to execute in the browser. It is not trusted so gets many more limits placed on what it can do.
