search

foxyproxy / browser-extension

Version 8 and above. Browser extension source code for Firefox, Chrome, and other Chromium-based browsers
GNU General Public License v2.0
244 stars 39 forks source link

Cannot enable proxy when using firefox enterprise policies.json on NixOS #138

Open Mag1cByt3s opened 4 months ago

Mag1cByt3s commented 4 months ago

[ENV] Firefox 127.0 FoxyProxy Standard 8.9 NixOS Unstable

[ISSUE] I cannot enable the proxy "BurpSuite" I added via policies.json. The proxy gets added to foxyproxy however once I click on it to activate the proxy, nothing happens, the state of foxyproxy does not change, the icon does not change. Once i click on my proxy, the radio button gets set to the proxy but thats it. Once i click on it again it is back to "Disabled".

Here is my NixOS config for firefox:

{ config, pkgs, lib, ... }:

{
  programs.firefox = {
    enable = true;
    policies = {
      "AppAutoUpdate" = false;
      "BackgroundAppUpdate" = false;
      "DisableFeedbackCommands" = true;
      "DisableFirefoxAccounts" = true;
      "DisableFirefoxStudies" = true;
      "DisablePocket" = true;
      "DisableTelemetry" = true;
      "DisplayBookmarksToolbar" = "always";
      "DisplayMenuBar" = "default-off";
      "DontCheckDefaultBrowser" = true;
      "EnableTrackingProtection" = {
        "Value" = true;
        "Locked" = true;
        "Cryptomining" = true;
        "Fingerprinting" = true;
        "EmailTracking" = true;
      };
      "Extensions" = {
        "Install" = [
          "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/wappalyzer/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/simple-modify-header/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/simple-translate/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/foxyproxy-standard/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/violentmonkey/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/shodan-addon/latest.xpi"
        ];
      };
      "ExtensionSettings" = {
        "*" = {
          "installation_mode" = "force_installed";
          "allowed_types" = ["extension"];
          "default_area" = "navbar";
        };
      };
      "ExtensionUpdate" = true;
      "FirefoxHome" = {
        "Search" = false;
        "TopSites" = false;
        "SponsoredTopSites" = false;
        "Highlights" = false;
        "Pocket" = false;
        "SponsoredPocket" = false;
        "Snippets" = false;
        "Locked" = true;
      };
      "FirefoxSuggest" = {
        "WebSuggestions" = true;
        "SponsoredSuggestions" = false;
        "ImproveSuggest" = false;
        "Locked" = true;
      };
      "GoToIntranetSiteForSingleWordEntryInAddressBar" = true;
      "HardwareAcceleration" = true;
      "NetworkPrediction" = false;
      "NewTabPage" = false;
      "NoDefaultBookmarks" = true;
      "OfferToSaveLogins" = false;
      "OfferToSaveLoginsDefault" = false;
      "PasswordManagerEnabled" = false;
      "PromptForDownloadLocation" = true;
      "RequestedLocales" = "en-US";
      "SanitizeOnShutdown" = {
        "Cache" = true;
        "Cookies" = true;
        "Downloads" = false;
        "FormData" = true;
        "History" = false;
        "Sessions" = true;
        "SiteSettings" = false;
        "OfflineApps" = true;
        "Locked" = true;
      };
      "SearchSuggestEnabled" = true;
      "ShowHomeButton" = false;
      "SSLVersionMin" = "tls1";
      "UserMessaging" = {
        "WhatsNew" = false;
        "ExtensionRecommendations" = false;
        "FeatureRecommendations" = false;
        "UrlbarInterventions" = false;
        "SkipOnboarding" = true;
        "MoreFromMozilla" = false;
        "Locked" = true;
      };
      "UseSystemPrintDialog" = true;
      "Certificates" = {
        "Install" = ["/etc/ssl/certs/BurpSuiteCA.der"];
      };
      "3rdparty" = {
        "Extensions" = {
          "foxyproxy@eric.h.jung" = {
            "mode" = "enable";
            "sync" = false;
            "autoBackup" = false;
            "showPatternProxy" = false;
            "passthrough" = "";
            "container" = {
              "incognito" = "";
              "container-1" = "";
              "container-2" = "";
              "container-3" = "";
              "container-4" = "";
            };
            "commands" = {
              "setProxy" = "";
              "setTabProxy" = "";
              "quickAdd" = "";
            };
            "data" = [
              {
                "active" = true;
                "title" = "BurpSuite";
                "type" = "http";
                "hostname" = "localhost";
                "port" = "8080";
                "username" = "";
                "password" = "";
                "cc" = "";
                "city" = "";
                "color" = "#e66100";
                "pac" = "";
                "pacString" = "";
                "proxyDNS" = true;
                "include" = [];
                "exclude" = [];
              }
            ];
            "managed" = false;
          };
        };
      };
    };
  };
}
erosman commented 4 months ago

I cannot enable the proxy "BurpSuite" I added via policies.json

When an enterprise policy is in effect, users wont be able to change anything. The purpose of an enterprise policy is for the admin (not users) to control the options.

Mag1cByt3s commented 4 months ago

But actually using the foxyproxy addon by changing between proxies or disabling the proxies is not really a 'change', is it?

If the user cannot use the addon anymore by turning on or off the proxy it kind of defeats the whole purpose.

erosman commented 4 months ago

But actually using the foxyproxy addon by changing between proxies or disabling the proxies is not really a 'change', is it?

That would conflict with https://github.com/foxyproxy/browser-extension/issues/42#issuecomment-1830407101

"mode" = "enable";

There is no such mode. As per Help:

"mode": "disable", // mandatory: current option, necessary to enable

Mag1cByt3s commented 4 months ago

So there is no way to simply add the proxy and let the user decide when to enable it and when not?

erosman commented 4 months ago

Enterprise policy is not designed for that purpose. However, if there is a popular demand, a recommended settings feature can be worked on.

See also: #132

lap1nou commented 4 months ago

Greetings @erosman and thank you for your work,

I would also be very interested in such a feature.

Also, I tried a workaround using a storage.managed manifest file, here is my file:

{
  "name": "foxyproxy@eric.h.jung",
  "type": "storage",
  "data": {
    "mode": "enable",
    "sync": false,
    "passthrough": "",
    "container": {},
    "commands": {},
    "data": [
      {
      "active":  true,
      "title":  "BurpSuite",
      "type":  "http",
      "hostname":  "localhost",
      "port":  "8080",
      "username":  "",
      "password":  "",
      "cc":  "",
      "city":  "",
      "color":  "#e66100",
      "pac":  "",
      "pacString":  "",
      "proxyDNS":  true,
      "include":  [],
      "exclude":  []
    }
  ]
  }
}

I wrote it here: /usr/lib/mozilla/managed-storage/foxyproxy@eric.h.jung.json, but it doesn't seems to work, I can't see my proxy added in the extension, do you have an idea why ?

Regards.

erosman commented 4 months ago

@lap1nou As mentioned previously, "mode": "enable", is wrong.

Does the policy show on about:policies?

lap1nou commented 4 months ago

Hey @erosman thank you for your answer,

My policy is working fine, but I'm trying to use this: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage/managed, in order to add some preconfigured proxy to Foxyproxy, maybe I misunderstood the goal of this.

My end goal is to simply be able to preconfigure proxy (add them) but let the user decide wether he want to enable them or not.

Regards.

erosman commented 4 months ago

My end goal is to simply be able to preconfigure proxy (add them) but let the user decide wether he want to enable them or not.

At the moment, that is not possible. Enterprise Policy is set to remove control from the users and give control to the admin.

However, as mentioned in https://github.com/foxyproxy/browser-extension/issues/138#issuecomment-2183068599, if there is enough demand, a recommended-settings feature can be added to FoxyProxy.