![Anti-MitM TLSCAPTCHA (PoC) 미리보기](https://addons.mozilla.org/user-media/addon_icons/1005/1005577-64.png?modified=0caf62c3)
Anti-MitM TLSCAPTCHA (PoC) 제작자: Indigotime
This extension uses your CAPTCHA answer to verify TLS certificate that you get from website you're visiting.
Warning: you can see it in action only if a website has server-side part of such verification scheme.
이 확장 기능을 사용하려면 Firefox가 필요함
확장 메타 데이터
정보
Every time when you solve CAPTCHA, the CAPTCHA answer can be used as a common secret for a short time. Mainly, It can be used to prevent TLS certificate spoofing.
Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = PBKDF2(clientsideDigest, "SHA-512", yourAnswer);
//Where yourAnswer is PKBDF2 salt.
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details.
New additional featue: you can use this addon to establish additional encryption. See source code for details.
Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = PBKDF2(clientsideDigest, "SHA-512", yourAnswer);
//Where yourAnswer is PKBDF2 salt.
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details.
New additional featue: you can use this addon to establish additional encryption. See source code for details.
개발자 의견
평가
권한더 알아보기
다음 권한 필요:
- 브라우저 탭에 접근
- 모든 웹사이트에서 사용자의 데이터에 접근
추가 정보
- 버전
- 1.0.3
- 크기
- 13.92 KB
- 마지막 업데이트
- 한 달 전 (2024년 5월 17일)
- 관련 카테고리
- 라이선스
- GNU General Public License v3.0
- 버전 목록
모음집에 추가
버전 1.0.3의 출시 정보
~ Content script is no more.
~ Works properly with 'insecure context'.
~ Breaking change: only PBKDF2 is supported as verification hash.
+ Experimental feature: encrypted content support.
~ Works properly with 'insecure context'.
~ Breaking change: only PBKDF2 is supported as verification hash.
+ Experimental feature: encrypted content support.
Indigotime 님의 다른 확장 기능
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다
WARNING: this extension cannot be ported to Chromium-based browsers due to API limitations.