├── images ├── icon-16.png ├── icon-32.png ├── icon-48.png └── icon-128.png ├── manifest.json ├── LICENSE ├── README.md ├── background.js ├── SECURITY.md └── cloak.js /images/icon-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shanselman/azurecloak/main/images/icon-16.png -------------------------------------------------------------------------------- /images/icon-32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shanselman/azurecloak/main/images/icon-32.png -------------------------------------------------------------------------------- /images/icon-48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shanselman/azurecloak/main/images/icon-48.png -------------------------------------------------------------------------------- /images/icon-128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shanselman/azurecloak/main/images/icon-128.png -------------------------------------------------------------------------------- /manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "manifest_version": 3, 3 | "name": "Cloud Cloak", 4 | "description": "Enables 'cloak mode' for Microsoft Cloud Portals", 5 | "version": "1.0", 6 | "icons": { 7 | "16": "images/icon-16.png", 8 | "32": "images/icon-32.png", 9 | "48": "images/icon-48.png", 10 | "128": "images/icon-128.png" 11 | }, 12 | "background": { 13 | "service_worker": "background.js" 14 | }, 15 | "action": { 16 | "default_icon": { 17 | "16": "images/icon-16.png", 18 | "32": "images/icon-32.png", 19 | "48": "images/icon-48.png", 20 | "128": "images/icon-128.png" 21 | } 22 | }, 23 | "permissions": [ 24 | "activeTab", 25 | "scripting", 26 | "webNavigation" 27 | ], 28 | "host_permissions": [ 29 | "https://*/" 30 | ] 31 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # "Cloud Cloak" Browser Extension 2 | 3 | This is a browser extension for folks who might be streaming or presenting while simultaneously showing one of the Microsoft Cloud Portals. It does its very best to hide connection strings, email addresses, avatars, and anything that might show secure or personal information. It's not perfect, but it's 95% solid. The goal is to avoid any kind of information leakage when presenting or streaming while live coding. 4 | 5 | ## Installing the Extension 6 | 7 | 1. [Download and unzip the latest version of the extension](https://github.com/microsoft/azurecloak/archive/refs/heads/main.zip) (or clone this repository) 8 | 2. Open the Edge or Chrome browser 9 | 3. Navigate to the browser's `Extensions` page 10 | - Click `...`, then `Extensions`, then `Manage extensions` 11 | 4. Enable `Developer mode` 12 | 5. Select `Load unpacked` and navigate to the directory containing the extension code 13 | 6. Pin the extension icon to the toolbar 14 | - Click the extension "puzzle piece" in the browser toolbar, then `...` for the extension, then `Show in toolbar` 15 | 16 | ## Using the Extension 17 | 18 | 1. Navigate to the [Azure Portal](https://portal.azure.com/), [Entra](https://entra.microsoft.com), [GitHub](https://github.com), etc. 19 | 2. Click the extension icon in the toolbar to toggle it from `OFF` to `ON` 20 | 3. Confirm that sensitive data like IP addresses, GUIDs, and email addresses are blurred-out 21 | 22 | ## Reporting Issues 23 | 24 | 1. [Open the project's `Issues` page](https://github.com/microsoft/azurecloak/issues) 25 | 2. Look for an existing issue that describes your scenario 26 | 3. OR create a new issue 27 | - Please provide detailed steps to reproduce the issue 28 | -------------------------------------------------------------------------------- /background.js: -------------------------------------------------------------------------------- 1 | const extensions = [ 2 | 'https://portal.azure.com', 3 | 'https://ms.portal.azure.com', 4 | 'https://rc.portal.azure.com', 5 | 'https://preview.portal.azure.com', 6 | 'https://entra.microsoft.com', 7 | 'https://intune.microsoft.com', 8 | 'https://ai.azure.com', 9 | 'https://admin.microsoft.com', 10 | 'https://sip.security.microsoft.com', 11 | 'https://purview.microsoft.com', 12 | 'https://make.powerapps.com', 13 | 'https://make.preview.powerapps.com', 14 | 'https://msazure.visualstudio.com', 15 | 'https://github.com', 16 | 'https://copilotstudio.microsoft.com', 17 | 'https://copilotstudio.preview.microsoft.com' 18 | ]; 19 | 20 | async function loadScriptAndStartCloaking(tabId, frameIds, allFrames) { 21 | await chrome.scripting.executeScript({ 22 | target: { tabId, allFrames, frameIds }, 23 | files: ['cloak.js'] 24 | }); 25 | await chrome.scripting.executeScript({ 26 | target: { tabId, allFrames, frameIds }, 27 | function: () => { cloakTextAndStartObserving(); }, 28 | }); 29 | } 30 | 31 | chrome.runtime.onInstalled.addListener(() => { 32 | chrome.action.setBadgeText({ 33 | text: 'OFF' 34 | }); 35 | }); 36 | 37 | chrome.webNavigation.onCompleted.addListener(async (details) => { 38 | const currentState = await chrome.action.getBadgeText({ tabId: details.tabId }); 39 | 40 | if (currentState === 'ON' && details.frameId !== 0) { // This is an iframe 41 | loadScriptAndStartCloaking(details.tabId, [details.frameId], false); 42 | } 43 | }, { url: [{ urlMatches: 'https://*/*' }] }); // Matches all https URLs 44 | 45 | // When the user clicks on the extension action 46 | chrome.action.onClicked.addListener(async (tab) => { 47 | if (extensions.some((url) => tab.url.startsWith(url))) { 48 | // We retrieve the action badge to check if the extension is 'ON' or 'OFF' 49 | const prevState = await chrome.action.getBadgeText({ tabId: tab.id }); 50 | // Next state will always be the opposite 51 | const nextState = prevState === 'ON' ? 'OFF' : 'ON'; 52 | 53 | // Set the action badge to the next state 54 | await chrome.action.setBadgeText({ 55 | tabId: tab.id, 56 | text: nextState 57 | }); 58 | 59 | if (nextState === 'ON') { 60 | // Blur the text 61 | loadScriptAndStartCloaking(tab.id, null, true); 62 | } else if (nextState === 'OFF') { 63 | chrome.scripting.executeScript({ 64 | target: { tabId: tab.id, allFrames: true }, 65 | function: () => { unCloakTextAndStopObserving(); }, 66 | }); 67 | } 68 | } 69 | }); 70 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Security 4 | 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet) and [Xamarin](https://github.com/xamarin). 6 | 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/security.md/definition), please report it to us as described below. 8 | 9 | ## Reporting Security Issues 10 | 11 | **Please do not report security vulnerabilities through public GitHub issues.** 12 | 13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/security.md/msrc/create-report). 14 | 15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/security.md/msrc/pgp). 16 | 17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 18 | 19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 20 | 21 | * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 22 | * Full paths of source file(s) related to the manifestation of the issue 23 | * The location of the affected source code (tag/branch/commit or direct URL) 24 | * Any special configuration required to reproduce the issue 25 | * Step-by-step instructions to reproduce the issue 26 | * Proof-of-concept or exploit code (if possible) 27 | * Impact of the issue, including how an attacker might exploit the issue 28 | 29 | This information will help us triage your report more quickly. 30 | 31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/security.md/msrc/bounty) page for more details about our active programs. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/security.md/cvd). 40 | 41 | 42 | -------------------------------------------------------------------------------- /cloak.js: -------------------------------------------------------------------------------- 1 | // MutationObserver to watch for changes in the DOM 2 | if (!window.cloakObserver) { 3 | window.cloakObserver = new MutationObserver(cloakText); 4 | } 5 | 6 | function matchPatterns(value) { 7 | const guidPattern = /\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b/; 8 | const emailPattern = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/; 9 | const domainPattern = /(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}/; 10 | const ipv4Pattern = /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/; 11 | 12 | if (guidPattern.test(value) || emailPattern.test(value) || domainPattern.test(value) || ipv4Pattern.test(value)) { 13 | return true; 14 | } 15 | return false; 16 | } 17 | 18 | function applyFilter(shouldCloak) { 19 | const filter = shouldCloak ? "blur(5px)" : "none"; 20 | const maskText = "*****"; 21 | const elements = document.querySelectorAll("body *"); 22 | for (const element of elements) { 23 | // Handle title 24 | const title = element.getAttribute("title"); 25 | const maskTitle = element.getAttribute("maskTitle"); 26 | if ( 27 | (shouldCloak && title && matchPatterns(title)) || 28 | (!shouldCloak && maskTitle && matchPatterns(maskTitle)) 29 | ) { 30 | element.style.filter = filter; 31 | if (shouldCloak) { 32 | element.setAttribute("title", maskText); 33 | element.setAttribute("maskTitle", title); 34 | } else { 35 | element.setAttribute("title", maskTitle); 36 | element.removeAttribute("maskTitle"); 37 | } 38 | continue; 39 | } 40 | // Handle children 41 | for (const child of element.childNodes) { 42 | if ( 43 | (child.nodeType === Node.TEXT_NODE) && 44 | matchPatterns(child.nodeValue) 45 | ) { 46 | element.style.filter = filter; 47 | break; 48 | } 49 | } 50 | } 51 | } 52 | 53 | function cloakText() { 54 | applyFilter(true); 55 | } 56 | 57 | function cloakTextAndStartObserving() { 58 | cloakText(); 59 | 60 | // Start observing the whole document for changes 61 | window.cloakObserver && window.cloakObserver.observe(document.body, { 62 | childList: true, // Watch for added/removed elements 63 | subtree: true // Watch the entire subtree of the document 64 | }); 65 | } 66 | 67 | function unCloakTextAndStopObserving() { 68 | window.cloakObserver && window.cloakObserver.disconnect(); 69 | window.cloakObserver = null; 70 | applyFilter(false); 71 | } 72 | 73 | window.unCloakTextAndStopObserving = unCloakTextAndStopObserving; 74 | window.cloakTextAndStartObserving = cloakTextAndStartObserving; 75 | --------------------------------------------------------------------------------