From 81579961d75c9f87413db8c8d7d58cbc79b8e8d1 Mon Sep 17 00:00:00 2001 From: fyr77 Date: Wed, 3 Mar 2021 19:02:39 +0100 Subject: [PATCH] rework to allow multiple dns profiles in one config --- finalize.html | 36 ++++++ index.html | 72 +++++++---- js/finalize.js | 323 +++++++++++++++++++++++++++++++++++++++++++++++++ js/tool.js | 227 +++++++--------------------------- legal.html | 3 +- premades.html | 5 +- tool.html | 31 +++-- 7 files changed, 475 insertions(+), 222 deletions(-) create mode 100644 finalize.html create mode 100644 js/finalize.js diff --git a/finalize.html b/finalize.html new file mode 100644 index 0000000..a235d9d --- /dev/null +++ b/finalize.html @@ -0,0 +1,36 @@ + + + + + + DNS Profile Creator + + + + + + + + + +

Secure DNS profile creator

+

For iOS 14 or later and macOS Big Sur or later

+ +
+ About + Tool + Pre-made profiles + Finalize profile + GitHub + Legal +
+
+
+
+
+ + +
+ + + \ No newline at end of file diff --git a/index.html b/index.html index 582186d..07c395d 100644 --- a/index.html +++ b/index.html @@ -1,5 +1,6 @@ + @@ -7,48 +8,71 @@ - + +
-

This website uses technical cookies. By continuing you agree to the use of these cookies. No personal data is stored or shared. Learn more

-
- +

This website uses technical cookies. By continuing you agree to the use of these cookies. No personal data is + stored or shared. Learn more

+ +

Secure DNS profile creator

For iOS 14 or later and macOS Big Sur or later

- +
- About + About Tool Pre-made profiles + Finalize profile GitHub Legal
- +
- +

What is this?

-

This website allows you to create configuration profiles for your Apple device to use the new built-in encrypted DNS options.

+

This website allows you to create configuration profiles for your Apple device to use the new built-in encrypted + DNS options.

Details

-

Apple has included built-in support for DNS-over-HTTPS and DNS-over-TLS in their iOS 14 and macOS Big Sur updates. But there is no possibility to use this new feature without a third-party app or configuration profiles. I personally preferred not to install some app to manage this for me.
- This websites generates a configuration profile which is installable on your system and activates encrypted DNS.

+

Apple has included built-in support for DNS-over-HTTPS and DNS-over-TLS in their iOS 14 and macOS Big Sur + updates. But there is no possibility to use this new feature without a third-party app or configuration + profiles. I personally preferred not to install some app to manage this for me.
+ This websites generates a configuration profile which is installable on your system and activates encrypted DNS. +

Why not use an app?

-

I prefer to use tools which I can make sure do exactly what they claim to do. Configuration profiles are rather transparent, they can be opened with any text editor and viewed. This website is completely open-source.
- An app off the App Store might do what it should, sure. But it also might capture data inbetween and negate the privacy advantage that DoH and DoT bring.

+

I prefer to use tools which I can make sure do exactly what they claim to do. Configuration profiles are rather + transparent, they can be opened with any text editor and viewed. This website is completely open-source.
+ An app off the App Store might do what it should, sure. But it also might capture data inbetween and negate the + privacy advantage that DoH and DoT bring.

How do I use this?

-

Visit this website using you Apple device and navigate to the tool. Then, select a pre-made configuration or enter your own settings and click/tap "Download profile". Then, open the downloaded file using the "Files" app.
- Your device will ask you a few times, be sure to accept the warnings.
- The generated profiles are not signed. This is normal.

+

Visit this website using you Apple device and navigate to the tool. Then, select a pre-made configuration or + enter your own settings and click/tap "Download profile". Then, open the downloaded file using the "Files" app. +
+ Your device will ask you a few times, be sure to accept the warnings.
+ The generated profiles are not signed. This is normal.

Why should I care about encrypted DNS?

-

DNS is basically the phone book of the internet. If you visit a website, your computer first contacts the DNS server to look up where its even supposed to connect to.
- While the traffic itself is often encrypted nowadays, the lookup itself still is not without DoH/DoT. So anyone in the same network will still know exactly which websites you visited.
- If you want to know more about this, give this blog post by Paul Miller a read, he explains the subject very nicely.

+

DNS is basically the phone book of the internet. If you visit a website, your computer first contacts the DNS + server to look up where its even supposed to connect to.
+ While the traffic itself is often encrypted nowadays, the lookup itself still is not without DoH/DoT. So anyone + in the same network will still know exactly which websites you visited.
+ If you want to know more about this, give this blog post by + Paul Miller a read, he explains the subject very nicely.

DNS-over-HTTPS or DNS-over-TLS?

There isn't a huge difference between the two protocols.
- DoH is harder to spot in regular network traffic and is also less likely to be blocked in a corporate environment, since it uses the same port as any secured website.
- DoT is possibly faster, since it uses one layer of transport less. But it uses it's own port and is therefore obvious to any other people monitoring the network - and might be blocked behind very strict firewalls.

-

In the end, it's more personal preference than anything else. If your system supports both - as Apple systems do - you can choose whatever you want.

+ DoH is harder to spot in regular network traffic and is also less likely to be blocked in a corporate + environment, since it uses the same port as any secured website.
+ DoT is possibly faster, since it uses one layer of transport less. But it uses it's own port and is therefore + obvious to any other people monitoring the network - and might be blocked behind very strict firewalls.

+

In the end, it's more personal preference than anything else. If your system supports both - as Apple systems do + - you can choose whatever you want.

Which provider should I choose?

-

This comes down to a few factors. First, location. Living in countries which block certain websites narrows your choice down considerably. Furthermore, different providers have different priorities. I suggest you do some research into the providers yourself. For example, you could take a look at this table which lists a few providers and compares them.

+

This comes down to a few factors. First, location. Living in countries which block certain websites narrows your + choice down considerably. Furthermore, different providers have different priorities. I suggest you do some + research into the providers yourself. For example, you could take a look at this table which lists a few providers and compares + them.

Support

-

This website does not use any ads or tracking. If you enjoy it and want to show some support, buy me a coffee. It's greatly appreciated!

+

This website does not use any ads or tracking. If you enjoy it and want to show some support, buy me a coffee. It's greatly appreciated!

+ \ No newline at end of file diff --git a/js/finalize.js b/js/finalize.js new file mode 100644 index 0000000..16f8edd --- /dev/null +++ b/js/finalize.js 
@@ -0,0 +1,323 @@ +window.onload = function () { + deleteTempCookies(); + buildList(); +} + +function deleteCard(cardNo) { + document.getElementById("card" + cardNo).remove(); + document.cookie = cardNo + "provName=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "doh=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "dns1v4=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "dns2v4=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "dns1v6=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "dns2v6=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "serverUrl=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "exclWifi=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "useWifi=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "useCell=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = cardNo + "lockProfile=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; +} + +function buildList() { + console.log(document.cookie.split("; ")); //DEBUG! 
+ var parent = document.getElementById("dynamicList"); + + for (var i = 0; i < getCookie("runningNo"); i++) { + if (getCookie(i + "provName") != "") { + var carddiv = document.createElement("div"); + carddiv.classList.add("w3-card"); + carddiv.id = "card" + i; + + var header = document.createElement("header"); + header.classList.add("w3-container"); + header.classList.add("w3-light-gray"); + + var headertext = document.createElement("h3"); + headertext.classList.add("w3-left"); + headertext.appendChild(document.createTextNode(getCookie(i + "provName"))); + + var headerdel = document.createElement("button"); + headerdel.classList.add("w3-button"); + headerdel.classList.add("w3-red"); + headerdel.classList.add("w3-right") + headerdel.innerHTML = "X"; + + headerdel.setAttribute("onclick", 'deleteCard(' + i + ')'); + + var infocontainer = document.createElement("div"); + infocontainer.classList.add("w3-container"); + + var infop = document.createElement("p"); + + var infostring = "Connection type: "; + if (getCookie(i + "doh") == "true") { + infostring += "DNS-over-HTTPS"; + } else { + infostring += "DNS-over-TLS"; + } + infop.appendChild(document.createTextNode(infostring)); + infop.appendChild(document.createElement("br")); + var dns1v4 = getCookie(i + "dns1v4"); + var dns2v4 = getCookie(i + "dns2v4"); + var dns1v6 = getCookie(i + "dns1v6"); + var dns2v6 = getCookie(i + "dns2v6"); + var exclWifi = getCookie(i + "exclWifi"); + + if (dns1v4 != "") { + infostring = "Primary IPv4 DNS Server: " + getCookie(i + "dns1v4"); + infop.appendChild(document.createTextNode(infostring)); + infop.appendChild(document.createElement("br")); + } + if (dns2v4 != "") { + infostring = "Secondary IPv4 DNS Server: " + dns2v4; + infop.appendChild(document.createTextNode(infostring)); + infop.appendChild(document.createElement("br")); + } + if (dns1v6 != "") { + infostring = "Primary IPv6 DNS Server: " + dns1v6; + infop.appendChild(document.createTextNode(infostring)); + 
infop.appendChild(document.createElement("br")); + } + if (dns2v6 != "") { + infostring = "Secondary IPv6 DNS Server: " + dns2v6; + infop.appendChild(document.createTextNode(infostring)); + infop.appendChild(document.createElement("br")); + } + + infostring = "Server Address: " + getCookie(i + "serverUrl"); + infop.appendChild(document.createTextNode(infostring)); + infop.appendChild(document.createElement("br")); + + if (exclWifi != "") { + infostring = "Excluded WiFi SSIDs: " + exclWifi; + infop.appendChild(document.createTextNode(infostring)); + infop.appendChild(document.createElement("br")); + } + + infostring = ""; + + if (getCookie(i + "useWifi") == "true") { + infostring += "Enabled on WiFi. "; + } + if (getCookie(i + "useCell") == "true") { + infostring += "Enabled on Cellular. "; + } + if (getCookie(i + "lockProfile" == "true")) { + infostring += "Disablement prohibited. "; + } + infop.appendChild(document.createTextNode(infostring)); + + + + header.appendChild(headertext); + header.appendChild(headerdel); + carddiv.appendChild(header); + infocontainer.appendChild(infop); + carddiv.appendChild(infocontainer); + parent.appendChild(carddiv); + } + } +} + +function deleteTempCookies() { + document.cookie = "provName=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = "doh=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = "dns1v4=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = "dns2v4=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = "dns1v6=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = "dns2v6=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + document.cookie = "serverUrl=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; +} + +function getCookie(cname) { + var name = cname + "="; + var decodedCookie = decodeURIComponent(document.cookie); + var 
ca = decodedCookie.split(';'); + for (var i = 0; i < ca.length; i++) { + var c = ca[i]; + while (c.charAt(0) == ' ') { + c = c.substring(1); + } + if (c.indexOf(name) == 0) { + return c.substring(name.length, c.length); + } + } + return ""; +} + +function deleteAllCookies() { + var cookies = document.cookie.split(";"); + + for (var i = 0; i < cookies.length; i++) { + var cookie = cookies[i]; + var eqPos = cookie.indexOf("="); + var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie; + document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; + } +} + +function getRegDNS(iterator) { + var dns1v4 = getCookie(iterator + "dns1v4"); + var dns2v4 = getCookie(iterator + "dns2v4"); + var dns1v6 = getCookie(iterator + "dns1v6"); + var dns2v6 = getCookie(iterator + "dns2v6"); + var ip4format = /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/; + var ip6format = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/; + + var returnstring = "ServerAddresses\n\n"; + var dnsOverride = false; + + if (ip6format.test(dns1v6)) { + dnsOverride = true; + returnstring += "" + dns1v6 + "\n"; + } + if (ip6format.test(dns2v6)) { + dnsOverride = true; + returnstring += "" + dns2v6 + "\n"; + } + + if (ip4format.test(dns1v4)) { + dnsOverride = 
true; + returnstring += "" + dns1v4 + "\n"; + } + if (ip4format.test(dns2v4)) { + dnsOverride = true; + returnstring += "" + dns2v4 + "\n"; + } + + if (dnsOverride) { + returnstring += "\n"; + return returnstring; + } else { + return ""; + } +} + +function saveDynamicDataToFile() { + var fileString = "\n"; + fileString += "\n"; + fileString += "\n"; + fileString += "\n"; + fileString += "PayloadContent\n"; + fileString += "\n"; + + //DNS settings start + for (var i = 0; i < getCookie("runningNo"); i++) { + var provName = getCookie(i + "provName"); + if (provName != "") { //This check is to avoid empty configurations leftover by deletion. + var encValue = null; + if (getCookie(i + "doh") == "true") { + encValue = "HTTPS"; + } else { + encValue = "TLS"; + } + var exclWifi = getCookie(i + "") + + fileString += "\n"; + fileString += "DNSSettings\n"; + fileString += "\n"; + fileString += "DNSProtocol\n"; + fileString += "" + encValue + "\n"; + fileString += getRegDNS(i); + if (encValue == "HTTPS") { + fileString += "ServerURL\n"; + } else { + fileString += "ServerName\n"; + } + fileString += "" + getCookie(i + "serverUrl") + "\n"; + fileString += "\n"; + fileString += "OnDemandRules\n"; + fileString += "\n"; + if (exclWifi != "") { + fileString += "\n"; + fileString += "Action\n"; + fileString += "Disconnect\n"; + fileString += "SSIDMatch\n" + fileString += "\n"; + exclWifi.split(/\s*,\s*/).forEach(function (wifiString) { + fileString += "" + wifiString + "\n"; + }); + fileString += "\n"; + fileString += "\n"; + fileString += "\n"; + fileString += "Action\n"; + fileString += "Connect\n"; + fileString += "\n"; + } + if (getCookie(i + "useWifi") == "true") { + fileString += "\n"; + fileString += "Action\n"; + fileString += "Connect\n"; + fileString += "InterfaceTypeMatch\n"; + fileString += "WiFi\n"; + fileString += "\n"; + } + if (getCookie(i + "useCell") == "true") { + fileString += "\n"; + fileString += "Action\n"; + fileString += "Connect\n"; + fileString += 
"InterfaceTypeMatch\n"; + fileString += "Cellular\n"; + fileString += "\n"; + } + fileString += "\n"; + fileString += "Action\n"; + fileString += "Disconnect\n"; + fileString += "\n"; + fileString += "\n"; + fileString += "PayloadDescription\n"; + fileString += "Configures device to use " + provName + " Encrypted DNS over " + encValue + "\n"; + fileString += "PayloadDisplayName\n"; + fileString += "" + provName + " DNS over " + encValue + "\n"; + fileString += "PayloadIdentifier\n"; + fileString += "com.apple.dnsSettings.managed." + uuidv4() + "\n"; + fileString += "PayloadType\n"; + fileString += "com.apple.dnsSettings.managed\n"; + fileString += "PayloadUUID\n"; + fileString += "" + uuidv4() + "\n"; + fileString += "PayloadVersion\n"; + fileString += "1\n"; + fileString += "ProhibitDisablement\n"; + if (getCookie(i + "lockProfile") == "true") { + fileString += "\n"; + } else { + fileString += "\n"; + } + fileString += "\n"; + fileString += "\n"; + } + } + //DNS settings end + + fileString += "PayloadDescription\n"; + fileString += "Adds different encrypted DNS configurations to Big Sur and iOS 14 based systems\n"; + fileString += "PayloadDisplayName\n"; + fileString += "Encrypted DNS (DoH, DoT)\n"; + fileString += "PayloadIdentifier\n"; + fileString += "com.notjakob.apple-dns." + uuidv4() + "\n"; + fileString += "PayloadRemovalDisallowed\n"; + fileString += "\n"; + fileString += "PayloadType\n"; + fileString += "Configuration\n"; + fileString += "PayloadUUID\n"; + fileString += "" + uuidv4() + "\n"; + fileString += "PayloadVersion\n"; + fileString += "1\n"; + fileString += "\n"; + fileString += ""; + + var blob = new Blob([fileString], { + type: "text/plain;charset=utf-8" + }); + + deleteAllCookies(); + + saveAs(blob, "dns.mobileconfig"); +} + +function confirmDel() { + if (confirm("This will delete all configurations on this page. Continue?") == true) { + deleteAllCookies(); + window.location.reload(); + } +} \ No newline at end of file 
diff --git a/js/tool.js b/js/tool.js index 5a442bb..56ec692 100644 --- a/js/tool.js +++ b/js/tool.js 
@@ -1,195 +1,56 @@ function getCookie(cname) { - var name = cname + "="; - var decodedCookie = decodeURIComponent(document.cookie); - var ca = decodedCookie.split(';'); - for(var i = 0; i -1 ? cookie.substr(0, eqPos) : cookie; - document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure"; - } -} - -function getRegDNS() { - var dns1v4 = document.getElementById("dns1v4").value; - var dns2v4 = document.getElementById("dns2v4").value; - var dns1v6 = document.getElementById("dns1v6").value; - var dns2v6 = document.getElementById("dns2v6").value; - var ip4format = /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/; - var ip6format = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/; - - var returnstring = "ServerAddresses\n\n"; - var dnsOverride = false; - - if (ip6format.test(dns1v6)) { - dnsOverride = true; - returnstring += "" + dns1v6 + "\n"; - } - if (ip6format.test(dns2v6)) { - dnsOverride = true; - returnstring += "" + dns2v6 + "\n"; - } - - if (ip4format.test(dns1v4)) { - dnsOverride = true; - returnstring += "" + dns1v4 + "\n"; - } - if (ip4format.test(dns2v4)) { - dnsOverride = true; - returnstring += "" + dns2v4 + "\n"; - } - - if (dnsOverride) { - returnstring += "\n"; - return returnstring; - } - else { - return 
""; - } -} - -function saveDynamicDataToFile() { - var encryption = document.getElementsByName('encryption'); - var encValue = null; - var provName = document.getElementById("provName").value; - - for (var i = 0, length = encryption.length; i < length; i++) { - if (encryption[i].checked) { - encValue = encryption[i].value; - // only one radio can be logically checked, don't check the rest - break; + var name = cname + "="; + var decodedCookie = decodeURIComponent(document.cookie); + var ca = decodedCookie.split(';'); + for (var i = 0; i < ca.length; i++) { + var c = ca[i]; + while (c.charAt(0) == ' ') { + c = c.substring(1); + } + if (c.indexOf(name) == 0) { + return c.substring(name.length, c.length); } } - var exclWifi = document.getElementById("exclWifi"); - - var fileString = "\n"; - fileString += "\n"; - fileString += "\n"; - fileString += "\n"; - fileString += "PayloadContent\n"; - fileString += "\n"; - fileString += "\n"; - fileString += "DNSSettings\n"; - fileString += "\n"; - fileString += "DNSProtocol\n"; - fileString += "" + encValue + "\n"; - fileString += getRegDNS(); - if (encValue == "HTTPS") { - fileString += "ServerURL\n"; - } - else { - fileString += "ServerName\n"; - } - fileString += "" + document.getElementById("serverUrl").value + "\n"; - fileString += "\n"; - fileString += "OnDemandRules\n"; - fileString += "\n"; - if (exclWifi.value != "") { - fileString += "\n"; - fileString += "Action\n"; - fileString += "Disconnect\n"; - fileString += "SSIDMatch\n" - fileString += "\n"; - exclWifi.value.split(/\s*,\s*/).forEach(function(wifiString) { - console.log(wifiString); - fileString += "" + wifiString + "\n"; - }); - fileString += "\n"; - fileString += "\n"; - fileString += "\n"; - fileString += "Action\n"; - fileString += "Connect\n"; - fileString += "\n"; - } - if (document.getElementById("useWifi").checked) { - fileString += "\n"; - fileString += "Action\n"; - fileString += "Connect\n"; - fileString += "InterfaceTypeMatch\n"; - fileString += 
"WiFi\n"; - fileString += "\n"; - } - if (document.getElementById("useCell").checked) { - fileString += "\n"; - fileString += "Action\n"; - fileString += "Connect\n"; - fileString += "InterfaceTypeMatch\n"; - fileString += "Cellular\n"; - fileString += "\n"; - } - fileString += "\n"; - fileString += "Action\n"; - fileString += "Disconnect\n"; - fileString += "\n"; - fileString += "\n"; - fileString += "PayloadDescription\n"; - fileString += "Configures device to use " + provName + " Encrypted DNS over " + encValue + "\n"; - fileString += "PayloadDisplayName\n"; - fileString += "" + provName + " DNS over " + encValue + "\n"; - fileString += "PayloadIdentifier\n"; - fileString += "com.apple.dnsSettings.managed." + uuidv4() + "\n"; - fileString += "PayloadType\n"; - fileString += "com.apple.dnsSettings.managed\n"; - fileString += "PayloadUUID\n"; - fileString += "" + uuidv4() + "\n"; - fileString += "PayloadVersion\n"; - fileString += "1\n"; - fileString += "ProhibitDisablement\n"; - if (document.getElementById("lockProfile").checked) { - fileString += "\n"; - } - else { - fileString += "\n"; - } - fileString += "\n"; - fileString += "\n"; - fileString += "PayloadDescription\n"; - fileString += "Adds " + provName + " Encrypted DNS over " + encValue + " to Big Sur and iOS 14 based systems\n"; - fileString += "PayloadDisplayName\n"; - fileString += "" + provName + " DNS over " + encValue + "\n"; - fileString += "PayloadIdentifier\n"; - fileString += "com.notjakob.apple-dns." 
+ uuidv4() + "\n"; - fileString += "PayloadRemovalDisallowed\n"; - fileString += "\n"; - fileString += "PayloadType\n"; - fileString += "Configuration\n"; - fileString += "PayloadUUID\n"; - fileString += "" + uuidv4() + "\n"; - fileString += "PayloadVersion\n"; - fileString += "1\n"; - fileString += "\n"; - fileString += ""; - - var blob = new Blob([fileString], { type: "text/plain;charset=utf-8" }); - - deleteAllCookies(); - - saveAs(blob, "dns.mobileconfig"); + return ""; } - + +function addToList() { + var runningNo = getCookie("runningNo"); + if (getCookie("runningNo") == "") { + runningNo = 0; + } + + var d = new Date(); + d.setTime(d.getTime() + (86400000)); //expires in 24h + var expires = "expires="+ d.toUTCString(); + document.cookie = runningNo + "provName=" + document.getElementById("provName").value + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "doh=" + document.getElementById("doh").checked + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "dns1v4=" + document.getElementById("dns1v4").value + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "dns2v4=" + document.getElementById("dns2v4").value + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "dns1v6=" + document.getElementById("dns1v6").value + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "dns2v6=" + document.getElementById("dns2v6").value + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "serverUrl=" + document.getElementById("serverUrl").value + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "exclWifi=" + document.getElementById("exclWifi").value + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "useWifi=" + document.getElementById("useWifi").checked + ";" + expires + ";path=/; SameSite=Strict; Secure"; + 
document.cookie = runningNo + "useCell=" + document.getElementById("useCell").checked + ";" + expires + ";path=/; SameSite=Strict; Secure"; + document.cookie = runningNo + "lockProfile=" + document.getElementById("lockProfile").checked + ";" + expires + ";path=/; SameSite=Strict; Secure"; + + runningNo++; + document.cookie = "runningNo=" + runningNo + ";" + expires + ";path=/; SameSite=Strict; Secure"; + + window.location.href = "/finalize.html" +} + function switchToHTTPS() { document.getElementById("serverUrl").placeholder = "https://example.com/query" + document.getElementById("serverUrl").value; document.getElementById("dohdotServerLabel").innerHTML = "DoH server URL:"; } + function switchToTLS() { document.getElementById("serverUrl").placeholder = "dot.example.com"; document.getElementById("dohdotServerLabel").innerHTML = "DoT server URL:"; } + function loadPremade() { var provName = document.getElementById("provName"); var checkDoH = document.getElementById("doh"); @@ -199,7 +60,7 @@ function loadPremade() { var dns1v6 = document.getElementById("dns1v6"); var dns2v6 = document.getElementById("dns2v6"); var serverUrl = document.getElementById("serverUrl"); - + provName.value = getCookie("provName"); if (getCookie("doh") == "true") { checkDoH.checked = true; @@ -212,13 +73,13 @@ function loadPremade() { dns2v6.value = getCookie("dns2v6"); serverUrl.value = getCookie("serverUrl"); } + function accordion() { var adv = document.getElementById("advanced_container"); if (adv.className.indexOf("w3-show") == -1) { adv.className += " w3-show"; adv.previousElementSibling.className = adv.previousElementSibling.className.replace("w3-dark-grey", "w3-black"); - } - else { + } else { adv.className = adv.className.replace(" w3-show", ""); adv.previousElementSibling.className = adv.previousElementSibling.className.replace("w3-black", "w3-dark-grey"); } diff --git a/legal.html b/legal.html index 9bf5b1f..2c7b05e 100644 --- a/legal.html +++ b/legal.html @@ -12,9 +12,10 @@

For iOS 14 or later and macOS Big Sur or later

diff --git a/premades.html b/premades.html index 6f3815e..6feae46 100644 --- a/premades.html +++ b/premades.html @@ -13,9 +13,10 @@

For iOS 14 or later and macOS Big Sur or later

@@ -52,7 +53,7 @@ Protocols: DoH, DoT

Default configuration

- +
diff --git a/tool.html b/tool.html index 309e3f9..1a41f90 100644 --- a/tool.html +++ b/tool.html @@ -1,5 +1,6 @@ + @@ -7,27 +8,28 @@ - +

Secure DNS profile creator

For iOS 14 or later and macOS Big Sur or later

- + - +
- +

Choose a pre-configured provider, or enter your own settings:

- -
+ +

@@ -44,9 +46,11 @@ - + - +

@@ -57,10 +61,11 @@

- Enter a comma-separated list of Wi-Fi networks (SSID) on which the encrypted DNS will be disabled. + Enter a comma-separated list of Wi-Fi networks (SSID) on which the encrypted + DNS will be disabled.

- Interfaces to use encrypted DNS on: + Interfaces to use encrypted DNS on: @@ -72,10 +77,12 @@
- Prohibit users from removing the profile. Only available on supervised devices. + Prohibit users from removing the profile. Only available on supervised + devices.

-

+

+ \ No newline at end of file
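Review bot: In index.html, the reflowed "Details", "How do I use this?" and "DNS-over-HTTPS or DNS-over-TLS?" paragraphs carry their typos over unchanged from the removed lines: "This websites generates", "using you Apple device" and "it uses it's own port". Since these lines are being rewritten anyway, fix them in the same change ("This website generates", "using your Apple device", "its own port").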
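Review bot: In js/finalize.js, buildList() has a misplaced parenthesis in `if (getCookie(i + "lockProfile" == "true"))`: the comparison is evaluated inside the argument, so getCookie() is asked for a cookie named `false`, returns "" and the "Disablement prohibited." text is never shown. It should read `if (getCookie(i + "lockProfile") == "true")`, as saveDynamicDataToFile() already does. In saveDynamicDataToFile(), `var exclWifi = getCookie(i + "")` looks up a cookie whose name is only the index, which addToList() never writes, so exclWifi stays empty and the SSIDMatch rules are never emitted; the key should be `i + "exclWifi"`. The same function concatenates provName, serverUrl and each wifiString into fileString exactly as read from the cookies, while only the ServerAddresses entries pass a format check in getRegDNS(); escaping `&`, `<` and `>` in those values before concatenation would keep a provider name or SSID from changing the structure of the generated dns.mobileconfig. The `console.log(document.cookie.split("; ")); //DEBUG!` line at the top of buildList() should be removed before merge.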
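Review bot: In js/tool.js, addToList() writes the raw form values into cookies (`runningNo + "provName=" + document.getElementById("provName").value + ";" + expires + ...`) without encodeURIComponent, while getCookie() calls decodeURIComponent on the whole of document.cookie and only then splits on `;`. A provider name, server URL or SSID list containing `;` is cut off at that character when the cookie is set, and a `%` in any stored value that is not part of a valid escape sequence makes decodeURIComponent throw, which breaks every later lookup, including the list on finalize.html. Suggest wrapping each value in encodeURIComponent when it is stored, and changing getCookie() to split first and decode only the matched value.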