IOS>> browser-usbtan>> 返回
项目作者: arogge

项目描述 :
Browser-Exension to scrape flicker-codes and to generate a TAN with an USB reader
高级语言: JavaScript
项目地址: git://github.com/arogge/browser-usbtan.git
创建时间: 2021-04-29T21:18:18Z
项目社区:https://github.com/arogge/browser-usbtan
开源协议:GNU Affero General Public License v3.0
下载


Browser-USBtan

Browser-USBtan aims to provide a browser-extension together with a matching native-messaging-host application that allows you to use a USB-reader to generate TAN numbers from flickercodes.

Project status

This is currently a proof-of-concept. The browser-extension works, scrapes the flickercode and talks to the native-messaging-host application. That application will generate a TAN. However, there is currently no meaningful errorhandling.

As this is currently tailored to testing, the extension will only runs on local URLs (i.e. those starting with file:///).
The extension is only tested with Firefox. It may work with Chrome, too.

Installation

To install the extension, you’ll have to load it into your browser. In Firefox you can go to the Debugging Page and load a temporary plugin. Simply navigate to your checkout and select browser-extension/manifest.json to load the Plugin.

To install the native-host application, you’ll need a C++17 compiler and a recent version of CMake. 

  1. $ mkdir build
  2. $ cd build
  3. $ cmake ..
  4. $ make
  5. $ make install

This will build the application and install a descriptor in $HOME/.mozilla/native-messaging-hosts/. The application itself will currently reside in your temporary directory.

Usage

The extension automatically looks at all URL starting with file:///. You can open the javascript-console to see what is going on.
If you want to use it for different URLs, you need to change browser-extension/manifest.json accordingly.

For testing purposes, it is a good idea to go to your bank’s website, go to a page that will produce a flickercode, save that locally and add a <base href="..."> to it, so you can load it locally.

How it works

The extension hooks into the drawing of the HTML canvas that displays the flicker-code. The flickering is screen-scraped, converted to a string and passed via the native-messaging-host that is then supposed to return a TAN.
That TAN will then be written to the form-field. In the future, when TANs are actually working, the form will also be automatically submitted.

Contributing

Pull requests are welcome.

License

GNU AGPLv3