dns firefox-addon-webextensions

Can a WebExtension override server IP addresses?


Is it possible for a WebExtension to override the IP address of a server, or to modify/intercept DNS requests or override the DNS cache? I'm trying to code a WebExtension that provides browsers with the same functionality as cURL's --resolve.

Specifically, to:

  • connect to a different IP than the one published in DNS
  • add entries for particular non-existent domains that the user wishes to resolve as if they existed (e.g. patching in access to an OpenNIC site via a WebExtension could be more robust and far less disruptive to the broader system/network than playing whack-a-mole with volunteer-run DNS servers that never stay online for more than a few years)
  • "resolve" particular entries while the relevant DNS server is offline
  • cache or pin DNS entries in a software-defined way in preparation for a known upcoming DNS poisoning attack

In short: to simulate the effect of a hosts file, but without administrative privileges / messing with the rest of the system.


Solution

  • Yes, but (for now) not trivially.

    WebExtensions cannot rewrite these responses directly, but they can use the browser.proxy.onRequest API with ProxyInfo.proxyDNS to redirect DNS requests for affected domains through a SOCKS4 or SOCKS5 proxy which mangles the responses.

    You will, however, need a Native Host component (or a VPS, etc.) to actually run this proxy -- at least until Firefox adds support for WebExtension-run sockets (or provides a built-in non-socket-based proxying API).
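The extension side of the approach described in the answer above, as an added example that is not part of the original answer. It assumes a SOCKS5 proxy you run yourself on 127.0.0.1:1080; the host names and the helper names `isOverridden` and `proxyFor` are constructed for illustration.

```javascript
// background.js -- manifest.json needs the "proxy" and "<all_urls>" permissions.
// Assumption: a SOCKS5 proxy under your control listens on 127.0.0.1:1080 and
// answers lookups for the hosts below with the addresses you want.
// proxyDNS: true makes Firefox hand the host name to the proxy instead of
// resolving it locally, which is what lets the proxy choose the IP.
const PROXY = { type: "socks", host: "127.0.0.1", port: 1080, proxyDNS: true };
const DIRECT = { type: "direct" };

// Constructed sample entries; a leading dot also matches every subdomain.
const OVERRIDDEN = ["pinned.example", ".opennic-site.example"];

function isOverridden(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return OVERRIDDEN.some((entry) =>
    entry.startsWith(".")
      ? host === entry.slice(1) || host.endsWith(entry)
      : host === entry
  );
}

// Returns the ProxyInfo for one request URL. Overridden hosts get a single
// proxy entry with no DIRECT entry listed after it as a fallback.
function proxyFor(url) {
  let hostname;
  try {
    hostname = new URL(url).hostname;
  } catch (e) {
    return DIRECT; // unparsable URL: leave the request alone
  }
  return isOverridden(hostname) ? PROXY : DIRECT;
}

// Only register inside the browser, so the matching logic can be run elsewhere.
if (typeof browser !== "undefined" && browser.proxy) {
  browser.proxy.onRequest.addListener(
    (requestInfo) => proxyFor(requestInfo.url),
    { urls: ["<all_urls>"] }
  );
  browser.proxy.onError.addListener((err) =>
    console.error("proxy error:", err.message)
  );
}
```

Keep the proxy bound to loopback: with `proxyDNS` set, every overridden host name the browser visits is disclosed to whatever is listening on that port.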