PreventStealerV2

Enhanced security addon to detect and block malicious password reset attempts

Comment installer

Vous devrez installer une extension telle que Tampermonkey, Greasemonkey ou Violentmonkey pour installer ce script.

You will need to install an extension such as Tampermonkey to install this script.

Vous devrez installer une extension telle que Tampermonkey ou Violentmonkey pour installer ce script.

Vous devrez installer une extension telle que Tampermonkey ou Userscripts pour installer ce script.

Vous devrez installer une extension telle que Tampermonkey pour installer ce script.

Vous devrez installer une extension de gestionnaire de script utilisateur pour installer ce script.

(J'ai déjà un gestionnaire de scripts utilisateur, laissez-moi l'installer !)

Comment installer

Vous devrez installer une extension telle que Stylus pour installer ce style.

Vous devrez installer une extension telle que Stylus pour installer ce style.

Vous devrez installer une extension telle que Stylus pour installer ce style.

Vous devrez installer une extension du gestionnaire de style pour utilisateur pour installer ce style.

Vous devrez installer une extension du gestionnaire de style pour utilisateur pour installer ce style.

Vous devrez installer une extension du gestionnaire de style pour utilisateur pour installer ce style.

(J'ai déjà un gestionnaire de style utilisateur, laissez-moi l'installer!) 

// ==UserScript==
// @name         PreventStealerV2
// @namespace    http://tampermonkey.net/
// @version      1.8
// @description  Enhanced security addon to detect and block malicious password reset attempts
// @author       Simon, Zpayer
// @match        https://www.kogama.com/*
// @icon         https://www.google.com/s2/favicons?sz=64&domain=kogama.com
// @grant        none
// @run-at       document-start
// ==/UserScript==

(function() {
    'use strict';
   const ALLOWED_PATTERNS = [
        /^\/api\/product\/subscription\/?$/,
        /^\/api\/product\/subscription\/promote-free\/?$/,
        /^\/api\/product\/gold\/?$/,
        /^\/api\/report\/types\/?$/,
        /^\/api\/report\/\d+\/\w+\/?$/,
        /^\/game\/\d+\/?$/,
        /^\/game\/published\/?$/,
        /^\/game\/\d+\/publish\/?$/,
        /^\/game\/gs-archive\/\?kogama_id=\d+&gs_id=\w+&title=[^&]+$/,
        /^\/user\/\d+\/?$/,
        /^\/user\/\d+\/game\/?$/,
        /^\/user\/\d+\/friend\/?$/,
        /^\/user\/\d+\/invitations\/?$/,
        /^\/user\/\d+\/password\/?$/,
        /^\/user\/\d+\/avatar\/\w+\/?$/,
        /^\/user\/\d+\/avatar\/?$/,
        /^\/user\/\d+\/username\/?$/,
        /^\/user\/\d+\/username\/\?username=\w+$/,
        /^\/user\/username\/\?username=\w+$/,
        /^\/user\/\d+\/email\/?$/,
        /^\/user\/\d+\/password-reset\/?$/,
        /^\/user\/\d+\/policy-accepted\/?$/,
        /^\/user\/\d+\/claim-daily-gold\/?$/,
        /^\/user\/\d+\/password-reset-required\/?$/,
        /^\/\d+badge\/\w+\/?$/,
        /^\/\d+badge\/\w+\/read\/?$/,
        /^\/api\/feed\/\d+\/?$/,
        /^\/api\/emote\/\d+\/?$/,
        /^\/api\/emote\/\d+\/\w+\/?$/,
        /^\/api\/emote\/emote-set\/?$/,
        /^\/api\/emote\/emote-set\/\d+\/?$/,
        /^\/api\/emote\/emote-set-emote\/?$/,
        /^\?emote-set-id=\d+$/,
        /^\/api\/emote\/emote-set-emote\/\d+\/?$/,
        /^\/api\/emote\/emote-set-transfer\/?$/,
        /^\/api\/app\/regions\/?$/,
        /^\/api\/spin\/data\/?$/,
        /^\/api\/news\/\d+\/?$/,
        /^\/api\/news\/unread\/?$/,
        /^\/model\/market\/?$/,
        /^\/model\/market\/\d+\/?$/,
        /^\/api\/shop\/\d+\/?$/,
        /^\/\d+\/comment\/?$/,
        /^\/api\/feed\/\d+\/comment\/?$/,
        /^\/game\/\d+\/comment\/?$/,
        /^\/server\/game\/?$/,
        /^\/server\/project\/?$/,
        /^\/server\/character\/?$/,
        /^\/locator\/session\/?$/,
        /^\/locator\/session\/\d+\/ping\/?$/,
        /^\/locator\/session\/\d+\/leave\/?$/,
        /^\/locator\/session\/\d+\/?$/,
        /^\/locator\/session\/\d+\/reauth\/?$/,
        /^\/api\/reward\/game-play\/?$/,
        /^\/v1\/api\/reward\/game-play\/?$/,
        /^\/v1\/api\/reward\/game-data\/?$/,
        /^\/v1\/api\/reward\/published\/?$/,
        /^\/chat\/\w+\/?$/,
        /^\/chat\/\d+\/history\/\w+\/?$/,
        /^\/user\/\d+\/friend\/chat\/?$/,
        /^\/user\/\d+\/friend\/chat\/\w+\/?$/,
        /^\/v1\/user\/\d+\/ping\/?$/,
        /^\/user\/\d+\/pulse\/?$/,
        /^\/v1\/stat\/p\/?$/,
        /^\/api\/onboarding\/\d+\/?$/,
        /^\/v1\/notify\/c\/\?token=\d+&generation=[^&]+$/,
        /^\/v1\/notify\/c\/seen\/\?token=\d+&generation=[^&]+$/,
        /^\/v1\/payment\/stripe\/charge\/?$/,
        /^\/help\/install\/chrome-help-sections\/?$/,
        /^\?version=\d+$/,
        /^\/help\/install\/other-help-sections\/?$/,
        /^\/profile\/\d+\/?$/,
        /^\/games\/profile\/\d+\/?$/,
        /^\/games\/play\/\d+\/?$/,
        /^\?local=1$/,
        /^\/games\/?$/,
        /^\/build\/\d+\/project\/?$/,
        /^\/build\/\d+\/project\/\w+\/?$/,
        /^\/build\/\d+\/project\/\w+\/edit\/?$/,
        /^\/purchase\/?$/,
        /^\/login\/\?next=[^&]+$/,
        /^\/register\/?$/,
        /^\/register\/\?xp=\d+&signature=\w+$/,
        /^\/auth\/logout\/?$/,
        /^\/page\/disconnected\/\?reason=idle$/,
        /^\/page\/embed\/disconnected\/\?reason=idle$/,
        /^\/page\/disconnected\/?$/,
        /^\/page\/webgl-frame\/?$/,
        /^\/help\/install\/kogama-launcher-windows\/?$/,
        /^\/page\/new-plugin-installed-reward\/?$/,
        /^\/news\/\w+\/?$/,
        /^\/subscription\/subscribe\/?$/,
        /^\/payment\/options\/?$/,
        /^\/payment\/billing-information\/?$/,
        /^\/payment\/thank-you\/?$/,
        /^\/payment\/addons\/?$/,
        /^\/subscription\/manage\/?$/,
        /^\/marketplace\/?$/,
        /^\/locator\/session\/\?objectID=\d+&profileID=\d+&lang=\w+_\w+&type=\w+&referrer=\w+$/
    ];

    const PASSWORD_PROTECTION = {
        PROTECTED_ENDPOINTS: [
            /\/password-reset\/?$/,
            /\/password-reset-required\/?$/,
            /\/password\/?$/
        ],
        BLOCKED_METHODS: ['PUT', 'POST'],
        SUSPICIOUS_HEADERS: ['authorization', 'x-csrf-token', 'x-requested-with']
    };

    function isAllowed(url) {
        if (!url.startsWith('http')) return true;
        const path = new URL(url).pathname + new URL(url).search;
        return ALLOWED_PATTERNS.some(pattern => pattern.test(path));
    }

    function isPasswordEndpoint(url) {
        return PASSWORD_PROTECTION.PROTECTED_ENDPOINTS.some(pattern => pattern.test(url));
    }

    function isSuspiciousPasswordRequest(init) {
        if (!init) return false;
        if (PASSWORD_PROTECTION.BLOCKED_METHODS.includes(init.method?.toUpperCase())) {
            return true;
        }
        if (init.headers) {
            const headers = init.headers instanceof Headers ?
                Object.fromEntries(init.headers.entries()) :
                init.headers;

            return PASSWORD_PROTECTION.SUSPICIOUS_HEADERS.some(
                header => headers[header] && (headers[header].includes('Bearer') || headers[header].includes('Token'))
            );
        }

        return false;
    }

function logBlockedRequest(type, url, details = null) {
    console.warn(`[Security] Blocked ${type} to:`, url, details);

    const notification = document.createElement('div');
    Object.assign(notification.style, {
        position: 'fixed',
        bottom: '10px',
        right: '10px',
        backgroundColor: '#2d2d2d',
        color: '#e0e0e0',
        padding: '8px 12px',
        borderRadius: '4px',
        borderLeft: '3px solid #ff4444',
        fontSize: '13px',
        zIndex: '9999',
        maxWidth: '280px',
        boxShadow: '0 2px 8px rgba(0,0,0,0.2)'
    });

    notification.innerHTML = `
        <div style="font-weight:500;margin-bottom:4px;">Blocked ${type}</div>
        <div style="color:#aaa;font-size:12px;word-break:break-word;">${url}</div>
        ${details ? `<div style="margin-top:4px;color:#888;font-size:11px;">${details}</div>` : ''}
    `;

    document.body.appendChild(notification);
    setTimeout(() => notification.remove(), 5000);
}

    const originalFetch = window.fetch;
    window.fetch = function(resource, init) {
        const url = typeof resource === 'string' ? resource : resource.url;
        if (!isAllowed(url)) {
            logBlockedRequest('fetch', url);
            return Promise.reject(new Error(`Request to ${url} blocked by security policy`));
        }
        if (isPasswordEndpoint(url)) {
            if (isSuspiciousPasswordRequest(init)) {
                logBlockedRequest('fetch', url, 'Suspicious password change attempt blocked');
                return Promise.reject(new Error('Suspicious password change attempt blocked'));
            }
        }

        if (url.includes('discord.com/api/webhooks')) {
            logBlockedRequest('fetch', url, 'Webhook requests are blocked');
            return Promise.reject(new Error('Webhook requests are blocked'));
        }

        return originalFetch.apply(this, arguments);
    };

    const originalOpen = XMLHttpRequest.prototype.open;
    XMLHttpRequest.prototype.open = function(method, url) {
        if (!isAllowed(url)) {
            logBlockedRequest('XHR', url);
            throw new Error(`Request to ${url} blocked by security policy`);
        }
        return originalOpen.apply(this, arguments);
    };

    const originalWebSocket = window.WebSocket;
    window.WebSocket = function(url, protocols) {
        if (!isAllowed(url)) {
            logBlockedRequest('WebSocket', url);
            throw new Error(`WebSocket connection to ${url} blocked by security policy`);
        }
        return new originalWebSocket(url, protocols);
    };

    console.log('%c[ PREVENTSTEALERV2 ] Monitoring for any suspicious traffic. . . ', 'color: #856F81; font-weight: bold;');
})();