
Anti-MitM TLSCAPTCHA (PoC) 作成者: Anon
This extension uses your CAPTCHA answer to verify TLS certificate that you get from website you're visiting. Warning: you can see it in action only if a website has server-side part of such verification scheme.
14 Users14 Users
この拡張機能を使用するには Firefox が必要です
拡張機能メタデータ
この拡張機能について
Every time when you solve CAPTCHA, the CAPTCHA answer can be used as a common secret for a short time. Mainly, It can be used to prevent TLS certificate spoofing.
Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = PBKDF2(clientsideDigest, "SHA-512", yourAnswer);
//Where yourAnswer is PKBDF2 salt.
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details.
New additional featue: you can use this addon to establish additional encryption. See source code for details.
Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = PBKDF2(clientsideDigest, "SHA-512", yourAnswer);
//Where yourAnswer is PKBDF2 salt.
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details.
New additional featue: you can use this addon to establish additional encryption. See source code for details.
Rated 3 by 2 reviewers
Permissions and data詳細情報
必要な権限:
- ブラウザーのタブへのアクセス
- すべてのウェブサイトの保存されたデータへのアクセス
詳しい情報
- バージョン
- 1.0.3
- サイズ
- 13.92 KB
- 最終更新日
- 1年前 (2024年5月17日)
- 関連カテゴリー
- ライセンス
- GNU General Public License v3.0 only
- バージョン履歴
- コレクションへ追加
1.0.3 のリリースノート
~ Content script is no more.
~ Works properly with 'insecure context'.
~ Breaking change: only PBKDF2 is supported as verification hash.
+ Experimental feature: encrypted content support.
~ Works properly with 'insecure context'.
~ Breaking change: only PBKDF2 is supported as verification hash.
+ Experimental feature: encrypted content support.
Anon が公開している他の拡張機能
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
WARNING: this extension cannot be ported to Chromium-based browsers due to API limitations.