search

corbindavenport / noplugin

Play legacy media in modern browsers without plugins.
GNU General Public License v3.0
27 stars 9 forks source link

Spoof plugins #46

Open corbindavenport opened 5 years ago

corbindavenport commented 5 years ago

https://github.com/bcaller/plugin-privacy-chrome

Madis0 commented 5 years ago

I think the best method for user privacy (fingerprinting) and overall web progression (to not recommend old plugins by default) would be to do this per-site, like this for example:

  1. User opens a site that requires plugins, site warns about having to download/enable them
  2. User clicks the NoPlugin button which spoofs the plugins and reloads the site
  3. If supported content is found, NoPlugin adds the site to its whitelist, in order to spoof it automatically the next time
corbindavenport commented 5 years ago

Yeah, there would have to be some kind of smart detection going on, so there's no cases where a site would provide a Flash version of content instead of the HTML5 version. Not sure the best way to handle that yet.

corbindavenport commented 4 years ago

Test pages:

https://www.dhs.state.il.us/accessibility/tests/flash/video.html https://student.testmasters.com/portal/online/Test.aspx https://www.adobe.com/shockwave/welcome/index.html http://isflashinstalled.com/

corbindavenport commented 3 years ago

NoPlugin 7.0 in the dev branch now has initial support for spoofing plugins, using a new option in the browser's right-click menu. Chrome now hides extension buttons by default, so this seems like the best option to make the feature visible without injecting UI into the page:

Screenshot from 2020-12-02 23-14-39

Clicking the option adds a noplugin_compat=true parameter to the current address, which enables the noplugin-compat.js content script to run before any of the page's content is loaded. The compat script replaces the navigator object with a modified version containing plugin data for Adobe Flash. Since some websites checked if Flash was available by actually injecting Flash code or using ActiveX, both of which probably can't be simulated, so this isn't a total fix. Still, it does work with isflashinstalled.com and any site that checks navigator.plugins or navigator.mimeTypes.

Some additional changes that need to be implemented: