hoodwink.d enhanced
RSS
2.0
XHTML
1.0

RedHanded

MouseHole 1.1 in Plain View #

by why in inspect

Okay, MouseHole 1.1 is ready for you. If you’re new, MouseHole is a web proxy that you run on your machine.

So, basically you go to http://localhost:37004/ and you’ll see this:

The MouseHole home page.

I have three user scripts installed. One of these scripts is an Instiki clone:

MouseWiki shot.

Once MouseHole is running you can install MouseWiki by visiting the script itself: http://whytheluckystiff.net/mouseHole/wiki.user.rb.

When you hit Ruby user scripts on the web (if you have MouseHole set up as your proxy), you’ll get an installer window.

ComicAlt installation.

This installer window will test the script initially by running it under Ruby’s highest safe mode. If the script fails, you’ll get a security warning.

Evil script warning.

And that’s it. I really have no idea if this is useful at all. It’s great fun to play with.

Bear in mind: One significant change from 1.0 is I’m no longer using the start method in user scripts. MouseHole now recognizes the rewrite method.

So where you had this: def start( req, res ).

You now need this: rewrite do |req, res|.

said on 02 Sep 2005 at 13:11

wow, this looks like fun

said on 02 Sep 2005 at 13:26

Wow. Occasionally I have a brain-wave or two, but leave it to why to take an idea and really run with it. Good show!

said on 02 Sep 2005 at 13:35

“Windows standalone” dows not work because iconv.dll is missing.

said on 02 Sep 2005 at 13:35

Incidentally, I had chosen 37004 in reference to hoodlum, as it spells “hOOLE” in a pre-adolescent LCD sort of way.

Maybe 53704 would be a more fitting port for MouseHole(s)?

said on 02 Sep 2005 at 13:37

Word on the street is that the latest Ruby-for-Windows packages will start including iconv and friends.

said on 02 Sep 2005 at 13:39

But when we merge the Hoodlum code back in?

your name: Can you tell me what happens when you move the DLLs out of mouseHole-1.0/lib/i386-mswin32 and into mouseHole-1.0?

said on 02 Sep 2005 at 13:42

Cool _why, good job. You basically have done pretty much all of the cooler stuff I was going to do with Wonderland. I guess great minds think alike, or it is just obvious ;)

I just haven’t had a shred of time to work on Wonderland, so consider the project permanently on hold. Plus I find it rather redundant now.

Here is the pretty simple code for handling content encodings:

def decode(content_encoding, content)
  case content_encoding
  when 'gzip':
    gzr = Zlib::GzipReader.new(StringIO.new(content))
    decoded = gzr.read
    gzr.close
    decoded
  when 'deflate':
    Zlib::Inflate.inflate(content)
  else
    content
  end
end

You’ll need to require zlib and stringio, and change prewink to

      req.header['accept-encoding'] = ['gzip','deflate']

Also I figured it was pointless to re-encode in a localhost proxy, so the final step is to delete the ‘content-encoding’ field from the results header.

Consider that my meager contribution to MouseHole.

said on 02 Sep 2005 at 13:43

I just got and copied the dll into the mousehole folder. That worked fine.

said on 02 Sep 2005 at 13:45

whoops, the url is http://www.dave.burt.id.au/ruby/iconv.zip

said on 02 Sep 2005 at 13:54

Actually, why, I don’t think there’s any value in the max-$SAFE check. Any script that actually cared to be evil could choose to act differently in the presence of high-$SAFE. As a result, the check only serves to engender a false sense of security.

For example:


MouseHole.script do
 File.delete( "mouseHole.rb" ) unless $SAFE > 0
end

or more subtly:


MouseHole.script do
  begin
    File.delete( "mouseHole.rb" )
  rescue Exception
  end
end
said on 02 Sep 2005 at 13:56

why: as regards hoodlum, it appears to be a rather short MouseHole script. I will post soonish (read: this weekend).

said on 02 Sep 2005 at 13:58

Ah, the MouseHole winking presents us with a preview button which the Greasemonkey lacks… of course, I can’t seem to get it to function in either Firefox or IE.

said on 02 Sep 2005 at 14:05

MenTaLguY: I’ll probably be allowing the user to set their own $SAFE per-script. And the default will be high. Considering that rewrite scripts really won’t be doing much.

The initial check is important, though. In order to read the scripts’ settings, I have to evaluate it.

said on 02 Sep 2005 at 14:11

I would imagine at this point only Ruby coders would mess with this, so hopefully they will take the time to at least peruse scripts before using them.

Hmmm, time for me to code up some obfuscated MouseHole scripts, muwhahahahaha…

said on 02 Sep 2005 at 14:44

Interesting… I’ll have to explore this. From the description alone, not looked at the code yet, I’m wondering if this could be used to kick some accessibility into the foulest of websites, riddled with font tags (which are particulary cheesy)...

Also, what if you normally have a proxy anyway, can you get the mousehole to talk to that proxy as your browser would have before?

Of course, the Poignant Guide will need some cartoon mice for the chapter about this, and I certainly didn’t have a “bear in mind”. :-)

said on 02 Sep 2005 at 15:10

Hmmm, is there no persistent caching of the scripts you’ve installed through your mouseHole? I really like the installer bit, but maybe it could save the scripts to a directory in addition to slurping it into the proxy via eval. Then when you restart the proxy, it can slurp in the contents of that directory.

My personal use case is that the hoodwink’d script messes up my gmail and bloglines both. I can easily exclude these from the proxy settings in Firefox (which I’m doing) but it seems it would feel cleaner to just set a few exclude_match lines in my own personal copy of the .user.rb.

(Maybe the way of future mouseHoling would include letting scripts expose configuration options to the user via the mouseHole installer?)

said on 02 Sep 2005 at 15:30

lukfugl: The MouseHole scripts are installed in a .mouseHole/userScripts directory under your homedir.

I’m sure _why will add script specific options soon enough.

said on 02 Sep 2005 at 15:36

Be sure to clear your cache if you peeked at the .user.rb files before installing MouseHole. FireFox won’t request the script again if you revisit/refresh it.

said on 02 Sep 2005 at 15:42

lukfugl: If you want to add your own exclude and include matches to hoodwink.d, it can be configured from within Mousehole.

dys: Yeah, I don’t get it. I’m passing back no-cache headers (see the no_cache method in lib/mousehole.rb.)

said on 02 Sep 2005 at 15:47

hgs: You can deal with double-proxies through the normal WEBrick::HttpProxyServer means—either override proxy_service, or simply specify your proxy URL with … I think it’s the :Proxy config option. I forget offhand though.

said on 02 Sep 2005 at 15:51

hgs: sorry, I’m a moron. You would either override #proxy_uri, or use the :ProxyURI config option. Should be a URI object, and you can provide any needed (Basic) credentials via it.

Comments are closed for this entry.