forked from GramThanos/WebDevAuthn
web-injector.html
137 lines (127 loc) · 5.2 KB
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>WebDevAuthn</title>
<meta name="description" content="Testing WebAuthn/FIDO2 JavaScript API requests and responses">
<meta name="author" content="UNIPI - FIDO Project 2021">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" href="css/fontawesome-all.min.css">
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/jsNotify.bootstrap.css">
<link rel="stylesheet" href="css/prism.css">
<link rel="stylesheet" href="css/webapp.css">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-primary">
<div class="container">
<a class="navbar-brand" href="index.html"><i class="fas fa-hashtag"></i> WebDevAuthn</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a class="nav-link" href="index.html"><i class="fas fa-home"></i> Home</a>
</li>
<li class="nav-item">
<a class="nav-link" href="key-management.html"><i class="fas fa-key"></i> Key Management</a>
</li>
<li class="nav-item">
<a class="nav-link" href="credential-creation.html"><i class="fas fa-angle-double-up"></i> Credential Creation</a>
</li>
<li class="nav-item">
<a class="nav-link" href="credential-get.html"><i class="fas fa-angle-double-down"></i> Credential Get</a>
</li>
<li class="nav-item active">
<a class="nav-link" href="web-injector.html"><i class="fas fa-code"></i> Web Injector <span class="sr-only">(current)</span></a>
</li>
</ul>
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="nav-link" href="about.html"><i class="fas fa-info-circle"></i> About</a>
</li>
</ul>
</div>
</div>
</nav>
<!-- Page Title -->
<div class="main-page-title">
<div class="container">
<i class="fas fa-code"></i> Web Injector
</div>
</div>
<!-- Content -->
<div class="main-container">
<div class="container">
<div class="row" style="margin-bottom: 25px;">
<div class="col-12">
<p>
Inject WebDevAuthn into your web application to:
</p>
<ul>
<li>hijack and analyse WebAuthn Requests and Responses</li>
<li>use the Virtual Authenticator</li>
<li>validate your implementation's WebAuthn parameters</li>
<li>PenTest your FIDO2/WebAuthn implementation</li>
</ul>
</div>
<div class="col-12"><hr>
<h2>Install Browser Extension</h2>
<h3>Install from Chrome Store</h3>
<p>
Install the WebDevAuthn extension on your browser from the Chrome Web Store.<br>
<a href="https://chrome.google.com/webstore/detail/webdevauthn/aofdjdfdpmfeohecddhgdjfnigggddpd">WebDevAuthn Extension in Chrome Store</a>
</p>
<h3>Install Unpacked Extension</h3>
<p>
Load the WebDevAuthn extension (as an unpacked extension) on your browser.<br>
<a href="https://github.com/GramThanos/WebDevAuthn/releases/latest">WebDevAuthn Extension Releases</a>
</p>
</div>
<div class="col-12"><hr>
<h2>Dev Tools Injection</h2>
Inject the hijacker by pasting this code into the Dev Tools of your browser on the webpage that features WebAuthn.
<pre data-src="js/webauthn-dev.js" style="height: 250px;"></pre>
</div>
<div class="col-12"><hr>
<h2>Load as script</h2>
Add the hijacker script into the development instance of your website.
<pre><code class="lang-html">&lt;script src="https://gramthanos.github.io/WebDevAuthn/js/webauthn-dev.js"
data-development="true"
data-virtual="true"
data-pause-with-alert="false"
data-instance-of-pub-key="true"
data-debugger="true"&gt;&lt;/script&gt;</code></pre>
</div>
</div>
<!-- Browser Support { -->
<div class="row">
<div class="col-12" id="webauthn-support">
<div class="alert alert-warning" role="alert">
Checking browser's WebAuthn support ...
</div>
</div>
<script src="js/webauthn-support.js"></script>
</div>
<!-- } Browser Support -->
</div>
</div>
<div class="container footer">
<div class="row">
<div class="col-12">
<div>Copyright © 2022 - 2023, <a href="https://github.com/GramThanos">Athanasios Vasileios Grammatopoulos</a></div>
<div>In collaboration with <a href="https://ssl.ds.unipi.gr/">Systems Security Laboratory</a>, Department of Digital Systems, <a href="https://www.unipi.gr/">University of Piraeus</a></div>
</div>
<div class="col-12">
<div style="height:300px;"></div>
<div style="text-align: right;font-family: Consolas;">&lt;-- this is the end --&gt;</div>
</div>
</div>
</div>
<script src="js/jquery-3.5.1.slim.min.js"></script>
<script src="js/popper.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/prism.js"></script>
</body>
</html>