Every time when you solve CAPTCHA, the CAPTCHA answer can be used as a common secret for a short time. Mainly, It can be used to prevent TLS certificate spoofing.
Since ordinary web pages (and their JavaScript) doesn't have access to TLS certificate data, I was have to make this extension. Actually it does the following:
let clientsideDigest = <Digest of TLS certificate that you get from website you're visiting>;
let yourAnswer = <Your CAPTCHA answer>;
let resultDigest = sha512(clientsideDigest + yourAnswer);
cookies["TLSCaptcha"] = representAsHexString(resultDigest);
To see it in action, you need to visit a website that have server-side implementation of this scheme.
At the moment of publishing this extension, there is no server-side implementations. If you want to make your own, please look into source code for details. It's very simple to understand.
See also: http://s01.geekpic.net/di-PKWLII.png
Install
- License: GNU General Public License v3.0 or later
- Weekly downloads: 3
- Average daily users: 35
- Rating: 3/5 of 2 ratings
- Created: 2018-10-23 16:54:37
- Last updated: 2023-06-23 12:05:21
- Homepage:
- Support site and email
- Orig: https://addons.mozilla.org/en-US/firefox/addon/anti-mitm-tlscaptcha-poc/
- API: TLSCAPTCHA@anon