Connexion
Aperçu de Anti-MitM TLSCAPTCHA (PoC)

Anti-MitM TLSCAPTCHA (PoC) par Anon

This extension uses your CAPTCHA answer to verify TLS certificate that you get from website you're visiting. Warning: you can see it in action only if a website has server-side part of such verification scheme.

3 (2 reviews)
12 utilisateurs·trices
Vous avez besoin de Firefox pour utiliser cette extension
TĂ©lĂ©charger Firefox et obtenir l’extension
Télécharger le fichier
À propos de cette extension
Every time when you solve CAPTCHA, the CAPTCHA answer can be used as a common secret for a short time. Mainly, It can be used to prevent TLS certificate spoofing.

Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:

let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = PBKDF2(clientsideDigest, "SHA-512", yourAnswer);
//Where yourAnswer is PKBDF2 salt.
cookies["TLSCaptcha"] = representAsHexString(resultDigest);

To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details.

New additional featue: you can use this addon to establish additional encryption. See source code for details.
Commentaires du développeur
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details. It's very simple to understand.

WARNING: this extension cannot be ported to Chromium-based browsers due to API limitations.
Noté 3 par 2 personnes

Le nombre d’étoiles est enregistrĂ©

5
1
4
0
3
0
2
0
1
1
Autorisations et donnéesEn savoir plus

Autorisations nécessaires :

  • AccĂ©der aux onglets du navigateur
  • AccĂ©der Ă  vos donnĂ©es pour tous les sites web
Plus d’informations
Version
1.0.3
Taille
13,92 Ko
DerniĂšre mise Ă  jour
il y a un an (17 mai 2024)
Catégories associées
Historique des versions
Ajouter Ă  la collection
Signaler ce module
Notes de version pour la version 1.0.3
~ Content script is no more.
~ Works properly with 'insecure context'.
~ Breaking change: only PBKDF2 is supported as verification hash.
+ Experimental feature: encrypted content support.
Plus de modules créés par Anon