通过Chrome扩展程序绕过iFrame检测

Question

如何使用chrome扩展名覆盖window.top对象？

这是我正在尝试的：

manifest.json

{
  "name": "buster",
  "version": "0.0.41",
  "manifest_version": 2,
  "description": "Removes iframe buster scripts",
  "homepage_url": "http://google.com",
  "background": {
    "scripts": ["background.js"]
  },
  "browser_action": {
    "default_title": "buster buster"
  },
  "permissions": [ "webRequest", "webRequestBlocking", "<all_urls>", "tabs"],
  "web_accessible_resources": [
    "index.html"
  ],
  "content_scripts": [
  {
    "matches": ["*://*/*"],
    "run_at": "document_start",
    "js": ["buster.js"],
    "all_frames": true
  }
  ]
}

background.js

chrome.webRequest.onHeadersReceived.addListener(function (details) {
    return {responseHeaders: details.responseHeaders.filter(function(header) {
        return ((header.name.toLowerCase() !== 'x-frame-options'));
    })};
}, {
    types: ["sub_frame"],
    urls: ["<all_urls>"]
}, ["blocking", "responseHeaders"]);

chrome.browserAction.onClicked.addListener(function (tab) {
    chrome.tabs.update(tab.id, {url: chrome.extension.getURL("index.html")});
});

我所有的尝试都带有buster.js：

if (top!=self) {
    alert(location.href);
//console.log(document.head.querySelector("script:not([src])").innerHTML)
    window.self=window.top;

    Window.prototype.__defineGetter__('top',function(){return this;});

    window.top = window.top.window;


    var prevent_bust = 0  
    window.onbeforeunload = function() { prevent_bust++ }  
    setInterval(function() {  
      if (prevent_bust > 0) {  
        prevent_bust -= 2  
        window.top.location = 'http://httpstat.us/204'  
      }  
    }, 1) 
}

index.html-我以stackoverflow.com为例

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title></title>
</head>
<body style="background: #ccc">
    <iframe id="ifr" src="http://stackoverflow.com/questions/37588058/inject-javascript-at-the-very-top-of-the-page-anti-iframe-buster" width="555" height="555"></iframe>
    <!-- http://time.com/4356072/missing-japanese-boy-found-forest/?xid=homepage -->
</body>
</html>

扩展压缩文件

Answer 1

我迟到了几分钟... :-)

您需要将“ buster.js”注入页面，然后在内容脚本的沙盒环境中执行它。虽然内容脚本可以访问页面的DOM，但它们不会共享其JavaScript执行环境（window）。这里有一个不错的概述：使用内容脚本将代码插入页面上下文。

将您的buster.js更改为此，它将起作用：

var el = document.createElement("script");
el.textContent = "if (top !== self) {window.self = window.top;}";
document.documentElement.appendChild(el);