Shodan-Firefox-Addon icon indicating copy to clipboard operation
Shodan-Firefox-Addon copied to clipboard

Published 20 hours ago verified publisher icon PaulSec

Extension icon greyed out in toolbar - continue

Open ambarabacicicoco opened this issue 4 years ago • 18 comments

Will this awesome service be restored?

ambarabacicicoco avatar Jun 04 '21 10:06 ambarabacicicoco

It's grayed out again.

Hillside502 avatar Jun 04 '21 11:06 Hillside502

image

FIREFOX 89.0 FOR WINDOWS

ambarabacicicoco avatar Jun 04 '21 11:06 ambarabacicicoco

In console you can see that requests error out with 503

GET https://api.shodan.io/dns/resolve?key=MM72AkzHXdHpC8iP65VVEEVrJjp7zkgd&hostnames=account.shodan.io
[HTTP/3 503 Service Unavailable 236ms]

with MM72AkzHXdHpC8iP65VVEEVrJjp7zkgd being the API key used by the authors (see background.js). Error itself states: "Request rate limit reached (1 request/ second). Please wait a second before trying again and slow down your API calls.", so my understanding is that this is an issue with the author's API key and judging by the fact that the repo hasn't been updated in years, I doubt it will be fixed.

voukau avatar Jun 06 '21 15:06 voukau

@voukau Spot on excellent analysis --- looks like this add-on is on its way out!

Hillside502 avatar Jun 06 '21 20:06 Hillside502

Local workaround I ended up using:

  • Clone the repo and add your API key on lines 16 and 36 in background.js
  • Load the add-on to Firefox as a temporary extension via about:debugging

voukau avatar Jun 07 '21 08:06 voukau

Will this fixed version end up on the addons store? Or until then should I fix this on my own?

optimusprimespace avatar Jun 08 '21 11:06 optimusprimespace

I need to look up how to let one configure the API key either through about:config or by adding an administration popup to the add-on. I will let you know as soon as I have some news on that matter.

romainletendart avatar Jun 09 '21 18:06 romainletendart

I have configured the code to use my API key, but every time i restart FF i need to do it again going to about:debugging. I searched for the problem and all i got was that i need to use a nightly or beta FF in order to permanently use the add-on. Is there any other workaround to this problem?

optimusprimespace avatar Jun 10 '21 10:06 optimusprimespace

Hi folks. I fixed the code and it should work back again as it used to. @PaulSec Could you have a look at my changes and upload a new version of the add-on? @portiktamas Please be patient. It will end up on the store eventually.

romainletendart avatar Jun 10 '21 13:06 romainletendart

thanks for your work @romainletendart ! waiting for the store update

Do you have any tips to provide my own Shodan API key ? I am not familiar with firefox extensions

7h30th3r0n3 avatar Jun 10 '21 15:06 7h30th3r0n3

Hey @romainletendart, thanks for the quick update! Everything seems to work fine (I've built the add-on from source to test it out), however, we're back to just using your API key. Are you still planning on implementing some sort of authentication so users can use their own API keys?

voukau avatar Jun 10 '21 18:06 voukau

We had to change the API key due to abuse and we will be releasing a new version of the Firefox add-on that lets you enter your own API key to get around this issue long-term. This add-on uses the old code from our Chrome extension and doesn't have some of the new features (ex. dark mode, domain info). We now have a build process that generates both a Chrome and Firefox extension from the same codebase and you can get the official Shodan add-on for Firefox from the following location:

https://addons.mozilla.org/en-US/firefox/addon/shodan-addon/

achillean avatar Jun 10 '21 23:06 achillean

Awesome, @achillean how should we redirect users to your version? We have about ~11k users using this version so far: https://addons.mozilla.org/fr/firefox/addon/shodan_io/

What are your thoughts you all?

PaulSec avatar Jun 11 '21 07:06 PaulSec

well, I am a little dubious with the use of an API key which does not belong to me, that it is your version or another, I take the one which works, on the other hand I would take the version which allows me to have control over all the informations

7h30th3r0n3 avatar Jun 11 '21 09:06 7h30th3r0n3

https://addons.mozilla.org/en-US/firefox/addon/shodan-addon/

License is All Rights Reserved --- not open source?

Hillside502 avatar Jun 11 '21 10:06 Hillside502

@7h30th3r0n3 That API key was specially created for the browser add-ons and is treated differently by the API. Originally I wanted everybody to be able to use the add-on without having to configure an API key but now that the add-on is used by quite a few people it's become an issue. As a result, we will be adding a settings area for the add-on.

@Hillside502 that's correct, we never open-sourced the Chrome extension so technically the code in this repo should be all rights reserved as well. Note that due to the nature of these types of add-ons you can always look at the code.

@PaulSec I don't know how to transfer/ merge add-ons for the Firefox store. From my perspective, it would be ideal if we had ownership of the FF add-on so we can publish new versions that are in-sync w/ the features of the Chrome version. The new version doesn't yet have a lot of users so that one could be deprecated.

achillean avatar Jun 11 '21 16:06 achillean

@PaulSec Sry, I missed your first sentence. If it's possible to redirect users to the new page then that would also work!

achillean avatar Jun 11 '21 16:06 achillean

hey there @achillean, no prob. I sent you a Direct Message through Twitter. Feel free to provide me your e-mail and I will add you as author on the Firefox website to manage it and you will be able to keep all the users too :)

PaulSec avatar Jun 11 '21 16:06 PaulSec