When clicking on links posted on Vkontakte, you can see that, like in other social networks, first there is a transition to a “safe” link, after which the social network decides whether to let the user go further or not. Most attentive people noticed the half-second appearance of "vk.com/away.php" in the address bar of the browser, but, of course, did not attach any importance to this.
prehistory
One day, a certain programmer, having completed another project, realized that he was obsessed with the desire to tell everyone about it. The project was hosted on a server with a unique IP but no domain name. Therefore, I quickly made a beautiful third-level subdomain in the .ddns.net domain, which was eventually used as a link.
Returning to the post after some time, the programmer found that instead of the site, a VK stub opens, informing about the transition to an unsafe site:
It would seem that smart users themselves have the right to decide which site they go to and which not, but Vkontakte thinks differently and does not provide any opportunity to follow the link without crutches.
What's wrong
This implementation has several significant drawbacks:
- The inability to open a suspicious site. As mentioned above, the user does not have the ability to overcome the stub. The only way to open the link is to copy it and paste it into the address bar.
- Slows down the link. The redirect speed depends on the ping. Accordingly, with a large ping, precious seconds of life may be lost, which, as we know, is not acceptable.
- Transition monitoring. This method makes it easier to collect information about user actions, which, of course, VK uses, adding to the safe link the id of the post from which the transition was made.
Freeing Django
The best solution to all of the above problems can be a browser extension. For obvious reasons, the choice falls on Chrome. There is an excellent article devoted to writing extensions for Chrome.
To create such an extension, we need to create two files in a separate folder: json-Manifest and a JavaScript file for monitoring the current url address.
Create a Manifest file
The main thing we need is to give the extension permission to work with tabs and assign an executable script:
{
"manifest_version": 2,
"name": "Run Away From vk.com/away",
"version": "1.0",
"background": {
"scripts": ["background.js"]
},
"permissions": ["tabs"],
"browser_action": {
"default_title": "Run Away From vk.com/away"
}
}
Create js file
Everything is simple here: in the event called when a new tab is created, we add a check for the url address if it starts with "”, then we replace it with the correct one, which is in the GET request:
chrome.tabs.onCreated.addListener( function (tabId, changeInfo, tab) {
chrome.tabs.query({'active': true, 'lastFocusedWindow': true}, function (tabs) {
var url = tabs[0].url;
if (url.substr(0,23) == "https://vk.com/away.php"){
var last = url.indexOf("&", 0)
if(last == -1)last = 1000;
var url = decodeURIComponent(url.substr(27, last-27));
chrome.tabs.update({url: url});
}
});
});
We collect the extension
After making sure that both files are in the same folder, open Chrome, select the extension tab and click "Load unpacked extension". In the window that opens, select the folder written extended and click collect. Ready! Now all links like vk.com/away are replaced with the original ones.
Instead of a conclusion
Of course, this type of stub has saved many people from millions of scam sites, however, I believe that people have the right to decide for themselves whether to go to an insecure link or not.
For convenience, I posted the project on .
Source: habr.com