Anti-MitM TLSCAPTCHA (PoC) by Indigotime
This extension uses your CAPTCHA answer to verify the TLS certificate that you get from the website you're visiting.
Warning: you can see it in action only if a website has the server-side part of this verification scheme.
About this extension
Every time you solve a CAPTCHA, the CAPTCHA answer can be used as a shared secret for a short time. Mainly, it can be used to prevent TLS certificate spoofing.
Since ordinary web pages (and their JavaScript) don't have access to TLS certificate data, I had to make this extension. In effect, it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = sha512(clientsideDigest + yourAnswer);
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that has a server-side implementation of this scheme.
At the time of publishing this extension, there are no server-side implementations. If you want to make your own, please look into the source code for details. It's very simple to understand.
See also: http://s01.geekpic.net/di-PKWLII.png
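A minimal server-side check for the scheme described above, as an added example (not code from this extension or its author). It assumes the certificate digest is the lowercase hex SHA-256 of the DER certificate and that digest and answer are concatenated as UTF-8 strings; the extension's actual choices are in its source code. The function names and sample values are hypothetical.

```javascript
// Added example (Node.js): server-side verification of the TLSCaptcha cookie.
const crypto = require("crypto");

// Assumption: certificate digest = lowercase hex SHA-256 of the DER bytes.
function certDigest(derBytes) {
  return crypto.createHash("sha256").update(derBytes).digest("hex");
}

// Mirrors the page's pseudocode: hex(sha512(clientsideDigest + yourAnswer)).
function expectedCookie(digestHex, captchaAnswer) {
  return crypto.createHash("sha512")
    .update(digestHex + captchaAnswer, "utf8")
    .digest("hex");
}

// The server knows its own certificate digest and the answer it issued, so it
// recomputes the value and compares it with the cookie in constant time.
function verifyTlsCaptcha(cookieValue, serverDigestHex, captchaAnswer) {
  if (typeof cookieValue !== "string" || !/^[0-9a-f]{128}$/i.test(cookieValue)) {
    return false; // missing or malformed cookie
  }
  const got = Buffer.from(cookieValue, "hex");
  const want = Buffer.from(expectedCookie(serverDigestHex, captchaAnswer), "hex");
  return crypto.timingSafeEqual(got, want);
}

// Constructed sample data: placeholder bytes stand in for real DER certificates.
const realCert = Buffer.from("constructed-server-certificate-der");
const otherCert = Buffer.from("constructed-substituted-certificate-der");
const answer = "x7k9q"; // constructed CAPTCHA answer

function demo() {
  const serverDigest = certDigest(realCert);
  // Cookie a client computes when it saw the server's real certificate.
  const honest = expectedCookie(certDigest(realCert), answer);
  // Cookie a client computes when it was shown a different certificate.
  const mismatched = expectedCookie(certDigest(otherCert), answer);
  return {
    honest: verifyTlsCaptcha(honest, serverDigest, answer),
    mismatched: verifyTlsCaptcha(mismatched, serverDigest, answer),
    malformed: verifyTlsCaptcha("not-hex", serverDigest, answer),
  };
}

console.log(demo());
```

The answer should be treated as single-use and short-lived on the server, matching the "for a short time" property described above.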
Permissions
This add-on needs to:
- Access browser tabs
- Access browser activity during navigation
- Access your data for all websites
More information
- Version: 1.0.2
- Size: 11.82 KB
- Last updated: 10 months ago (Jun 23, 2023)
- License: GNU General Public License v3.0
Release notes for 1.0.2
+ Added support for PBKDF2. It is available only in the browserAction popup.
This means that you have the option to apply PBKDF2 to the CAPTCHA answer before it is concatenated with the server certificate digest. Server-side support is required for this feature.
WARNING: this extension cannot be ported to Chromium-based browsers due to API limitations.