-
Notifications
You must be signed in to change notification settings - Fork 291
ManifestV2 Bypasses
Full credit to @NotAProton for the first bypass, the original gist for this page is where this page comes from.
Don't waste your time with compliance. FastForward automatically skips annoying link shorteners.
Generally, there are 2 types of bypasses for both MV2 and MV3.
- Instant bypass: These utilize Javascript to find the final destination link within the page source and navigate the user to that link
- Crowd bypass: For sites with multiple captchas or backend validation to make sure you've waitied, a crowd bypass is required. These type of bypasses require a starting link and a final link, which are stored on a server.
This guide will show you both a instant and crowd bypass example.
For this bypass we will be making a bypass for dutchycorp.space
.
Steps to find the final destination:
-
Manually solve the captcha or follow the steps on the site and obtain the destination of the shortener. In my case this is
http://dutchycorp.ovh/sl/DmtIL8Om
-
Go back to the shortener's site and Press Ctrl+U (Cmd + U) or right-click and select "View Page Source"
-
Press Ctrl+F (Cmd + F on Mac) and search for the destination
-
The destination is the href of an anchor tag
<a href="http://dutchycorp.ovh/sl/DmtIL8Om?verif=kVW6TL0r">
- Make the bypass-
Bypasses generally follow this format
domainBypass("example.com", () => {
ensureDomLoaded(() => {
// You can use ifElement to check if an element is available via document.querySelector:
ifElement("a#skip_button[href]", a => {
safelyNavigate(a.href)
// safelyNavigate asserts that given URL is valid before navigating and returns false if not
})
})
})
Making the bypass for dutchycorp would've been really easy if the anchor tag with the destination had an id
domainBypass("dutchycorp.space", () => {
ensureDomLoaded(() => {
// If the anchor tag had id="SKIPBTN"
ifElement("a#SKIPBTN[href]", a => {
safelyNavigate(a.href)
})
})
})
But it does not, however the anchor tag is inside a div which does have an id.
<div id="cl1" class="hide"><center><a href="http://dutchycorp.ovh/sl/DmtIL8Om?verif=kVW6TL0r">
We can now check if the div with id cl1
exists and then safely navigate to the href of the anchor element inside it:
ifElement("div#cl1", d => {
safelyNavigate(d.getElementsByTagName("a")[0].href)
})
And thus, the bypass for dutchycorp.space
is
domainBypass("dutchycorp.space", () => {
ifElement("div#cl1", d => {
safelyNavigate(d.getElementsByTagName("a")[0].href)
})
})
This tutorial is for a site that cannot be bypassed manually
The site I want to navigate to is https://www.youtube.com/watch?v=dQw4w9WgXcQ
, and the link shortner link is https://ouo.io/zyiPY
.
The basic template for our bypass is
domainBypass(/ouo\.(press|io)/, () => {
// We use regex to account for both domains
})
We'll first test to make sure that there's no slashes after the domain name in our link (this makes it a different type of redirect which FF cannot bypass). After that, we check to find either "go" or "find" after the first slash in the captcha link
domainBypass(/ouo\.(press|io)/, () => {
if (location.pathname !== '/') {
if (/(go|fbc)/.test(location.pathname.split("/")[1])) {
}
else {
}
}
})
Finally, if the captcha's done, we can just submit the form for the user and redirect them to the final destination. If the captcha is not complete, the extension will have the user finish the captcha and will store both the ouo.io link and the final destination link. This leads us to our final bypass.
domainBypass(/ouo\.(press|io)/, () => {
if (location.pathname !== '/') {
if (/(go|fbc)/.test(location.pathname.split("/")[1])) {
document.querySelector("form").submit()
}
else {
ifElement("form#form-captcha", form => {
form.action = `/xreallcygo${location.pathname}`
form.submit()
}, () => crowdBypass())
}
}
})