Anti-MitM TLSCAPTCHA (PoC) di Indigotime
This extension uses your CAPTCHA answer to verify TLS certificate that you get from website you're visiting.
Warning: you can see it in action only if a website has server-side part of such verification scheme.
Devi utilizzare Firefox per poter installare questa estensione
Metadati estensione
Informazioni sull’estensione
Every time when you solve CAPTCHA, the CAPTCHA answer can be used as a common secret for a short time. Mainly, It can be used to prevent TLS certificate spoofing.
Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = PBKDF2(clientsideDigest, "SHA-512", yourAnswer);
//Where yourAnswer is PKBDF2 salt.
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details.
New additional featue: you can use this addon to establish additional encryption. See source code for details.
Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = PBKDF2(clientsideDigest, "SHA-512", yourAnswer);
//Where yourAnswer is PKBDF2 salt.
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details.
New additional featue: you can use this addon to establish additional encryption. See source code for details.
Commenti dello sviluppatore
Valuta la tua esperienza utente
PermessiUlteriori informazioni
Questo componente aggiuntivo necessita di:
- Accedere alle schede
- Accedere ai dati di tutti i siti web
Ulteriori informazioni
- Versione
- 1.0.3
- Dimensione
- 13,92 kB
- Ultimo aggiornamento
- un mese fa (17 mag 2024)
- Categorie correlate
- Licenza
- GNU General Public License v3.0
- Cronologia versioni
Aggiungi alla raccolta
Note di versione per la versione 1.0.3
~ Content script is no more.
~ Works properly with 'insecure context'.
~ Breaking change: only PBKDF2 is supported as verification hash.
+ Experimental feature: encrypted content support.
~ Works properly with 'insecure context'.
~ Breaking change: only PBKDF2 is supported as verification hash.
+ Experimental feature: encrypted content support.
Altre estensioni di Indigotime
Non ci sono ancora valutazioni- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
WARNING: this extension cannot be ported to Chromium-based browsers due to API limitations.