Skip to content

ManifestV2 Bypasses

0xc60f edited this page Mar 29, 2023 · 3 revisions

Full credit to @NotAProton for the first bypass, the original gist for this page is where this page comes from.

FastForward

Don't waste your time with compliance. FastForward automatically skips annoying link shorteners.

Discord

Get FastForward on Chromium based browsers Get FastForward on Microsoft Edge Get FastForward for Firefox

MV2 Bypasses

Generally, there are 2 types of bypasses for both MV2 and MV3.

  • Instant bypass: These utilize Javascript to find the final destination link within the page source and navigate the user to that link
  • Crowd bypass: For sites with multiple captchas or backend validation to make sure you've waitied, a crowd bypass is required. These type of bypasses require a starting link and a final link, which are stored on a server.

This guide will show you both a instant and crowd bypass example.

Instant Bypass

For this bypass we will be making a bypass for dutchycorp.space.

image

Steps to find the final destination:

  1. Manually solve the captcha or follow the steps on the site and obtain the destination of the shortener. In my case this is http://dutchycorp.ovh/sl/DmtIL8Om

  2. Go back to the shortener's site and Press Ctrl+U (Cmd + U) or right-click and select "View Page Source"

  3. Press Ctrl+F (Cmd + F on Mac) and search for the destination image

  4. The destination is the href of an anchor tag

<a href="http://dutchycorp.ovh/sl/DmtIL8Om?verif=kVW6TL0r">
  1. Make the bypass-

Bypasses generally follow this format

domainBypass("example.com", () => {
	ensureDomLoaded(() => {
	// You can use ifElement to check if an element is available via document.querySelector:
	    ifElement("a#skip_button[href]", a => {
		    safelyNavigate(a.href)
		// safelyNavigate asserts that given URL is valid before navigating and returns false if not
	    })
    })
})

Making the bypass for dutchycorp would've been really easy if the anchor tag with the destination had an id

domainBypass("dutchycorp.space", () => {
	ensureDomLoaded(() => {
	// If the anchor tag had id="SKIPBTN"
	    ifElement("a#SKIPBTN[href]", a => {
		    safelyNavigate(a.href)
	    })
    })
})

But it does not, however the anchor tag is inside a div which does have an id.

<div id="cl1" class="hide"><center><a href="http://dutchycorp.ovh/sl/DmtIL8Om?verif=kVW6TL0r">

We can now check if the div with id cl1 exists and then safely navigate to the href of the anchor element inside it:

ifElement("div#cl1", d => {
    safelyNavigate(d.getElementsByTagName("a")[0].href)  
})

And thus, the bypass for dutchycorp.space is

domainBypass("dutchycorp.space", () => {
    ifElement("div#cl1", d => {
        safelyNavigate(d.getElementsByTagName("a")[0].href)
        
    })
})

Crowd Bypass

This tutorial is for a site that cannot be bypassed manually

The site I want to navigate to is https://www.youtube.com/watch?v=dQw4w9WgXcQ, and the link shortner link is https://ouo.io/zyiPY.

The basic template for our bypass is

domainBypass(/ouo\.(press|io)/, () => {
    // We use regex to account for both domains
    })

We'll first test to make sure that there's no slashes after the domain name in our link (this makes it a different type of redirect which FF cannot bypass). After that, we check to find either "go" or "find" after the first slash in the captcha link

domainBypass(/ouo\.(press|io)/, () => {
        if (location.pathname !== '/') {
            if (/(go|fbc)/.test(location.pathname.split("/")[1])) {
            }
            else {
            }
        }
    })

Finally, if the captcha's done, we can just submit the form for the user and redirect them to the final destination. If the captcha is not complete, the extension will have the user finish the captcha and will store both the ouo.io link and the final destination link. This leads us to our final bypass.

domainBypass(/ouo\.(press|io)/, () => {
        if (location.pathname !== '/') {
            if (/(go|fbc)/.test(location.pathname.split("/")[1])) {
                document.querySelector("form").submit()
            }
            else {
                ifElement("form#form-captcha", form => {
                    form.action = `/xreallcygo${location.pathname}`
                    form.submit()
                }, () => crowdBypass())
            }
        }
    })