0

Is it possible for a WebExtension to override the IP address of a server, or to modify/intercept DNS requests or override the DNS cache? I'm trying to code a WebExtension that provides browsers with the same functionality as cURL's --resolve.

Specifically, to:

  • connect to a different IP than the one published in DNS
  • add entries for particular non-existent domains that the user wishes to resolve as if they existed (e.g. patching in access to an OpenNIC site via a WebExtension could be more robust and far less disruptive to the broader system/network than playing whack-a-mole with volunteer-run DNS servers that never stay online for more than a few years)
  • "resolve" particular entries while the relevant DNS server is offline
  • cache or pin DNS entries in a software-defined way in preparation for a known upcoming DNS poisoning attack

In short: to simulate the effect of a hosts file, but without administrative privileges / messing with the rest of the system.

  • I will accept a conversion of this answer to Chrome iff it is not possible in Firefox _and_ it is possible in Chrome. – JamesTheAwesomeDude Mar 18 '21 at 19:37
  • I believe your question to be offtopic here as not related to programming. There is however another option far simpler of all the above: just configure Firefox to use a specific DOH endpoint and control that nameserver where you can completely define how names will be resolved. This remains completely contained inside the browser. – Patrick Mevzek Mar 18 '21 at 22:59
  • No, extensions can't do that. – wOxxOm Mar 19 '21 at 05:08
  • Hmm, it looks like [WebExtensions _can_ conditionally force requests through a proxy of their choice](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/proxy/onRequest), and, as of FF57 (rel. Nov. 2017), [it's become possible for WebExtension-induced proxying to handle DNS requests as well](https://stackoverflow.com/a/46107763/1874170). So, while it would require _some_ "buddy-script" software to open up a TCP port to run a DNS-mangling proxy server, this could run trivially on the PC or even a VPS, without admin rights or system configuration changes. – JamesTheAwesomeDude Apr 22 '21 at 22:11
  • @PatrickMevzek The question is specifically about the capabilities/limitations of an API in a somewhat popular software development platform. If that's not a programming question, I'd be very curious to see what is. – JamesTheAwesomeDude Apr 22 '21 at 22:33

1 Answer

0

Yes, but (for now) not trivially.

WebExtensions cannot rewrite these responses directly, but they can use the browser.proxy.onRequest API with ProxyInfo.proxyDNS to redirect DNS requests for affected domains through a SOCKS4 or SOCKS5 proxy which mangles the responses.

You will, however, need a Native Host component (or a VPS, etc.) to actually run this proxy -- at least until Firefox adds support for WebExtension-run sockets (or provides a built-in non-socket-based proxying API).
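
The extension half of the approach in this answer, as an added example that is not part of the original post: a background script that sends only the overridden hostnames through the SOCKS proxy, with `proxyDNS: true` so the proxy receives the hostname rather than a locally resolved IP. The proxy address `127.0.0.1:1080`, the hostnames, and the helper names `isOverridden` and `proxyFor` are assumptions.

```javascript
// Added example, not from the original post. Background script for a Firefox
// WebExtension; the manifest needs the "proxy" permission and host permissions.
// ASSUMPTION: a SOCKS5 proxy that applies the hostname-to-IP overrides is
// already listening on 127.0.0.1:1080. The hostnames below are constructed.

// "socks" selects SOCKS v5; proxyDNS hands name resolution to the proxy.
const PROXY = { type: "socks", host: "127.0.0.1", port: 1080, proxyDNS: true };
const DIRECT = { type: "direct" };

// Names whose resolution the proxy takes over.
// A leading "." matches the domain itself and all of its subdomains.
const OVERRIDDEN = ["pinned.example", ".opennic.example"];

function isOverridden(hostname) {
  // Normalise case and drop a trailing root dot before comparing.
  const host = hostname.toLowerCase().replace(/\.$/, "");
  return OVERRIDDEN.some((rule) =>
    rule.startsWith(".")
      ? host === rule.slice(1) || host.endsWith(rule) // label-boundary match
      : host === rule
  );
}

// Listener for proxy.onRequest: returns a ProxyInfo object per request.
function proxyFor(requestDetails) {
  let hostname;
  try {
    hostname = new URL(requestDetails.url).hostname;
  } catch (e) {
    return DIRECT; // unparsable URL: leave the request untouched
  }
  return isOverridden(hostname) ? PROXY : DIRECT;
}

// Register only when running inside the extension (not under plain Node).
if (typeof browser !== "undefined" && browser.proxy) {
  browser.proxy.onRequest.addListener(proxyFor, { urls: ["<all_urls>"] });
  browser.proxy.onError.addListener((err) =>
    console.error("proxy error:", err.message)
  );
}
```

Matching on whole labels keeps look-alike names such as `notpinned.example` on the direct path, so unrelated traffic never reaches the proxy.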