Web Injector

Inject WebDevAuthn into your web application to:

  • hijack and analyse WebAuthn Requests and Response
  • use the Virtual Authenticator
  • validate your implementation's WebAuthn parameters
  • PenTest your FIDO2/WebAuthn implementation

Install Browser Extension

Install from Chrome Store

Install the WebDevAuthn extension on your browser from the Chrome Web Store.
WebDevAuthn Extension in Chrome Store

Install Unpacked Extension

Load the WebDevAuthn extension (as an unpacked extension) on your browser.
WebDevAuthn Extension Releases

Dev Tools Injection

Inject the hijacker by pasting this code into the Dev Tool of your broser on the webpage that features WebAuthn. 

					


					

						
Load as script

						Add the hijacker script into the developement instance of your website.
						
<script src="https://gramthanos.github.io/WebDevAuthn/js/webauthn-dev.js"
		data-development="true"
		data-virtual="true"
		data-pause-with-alert="false"
		data-instance-of-pub-key="true"
		data-debugger="true"/></script>

					

				


				
				

					

						
					

					
				

				
			

		

		

			

				

					
Copyright © 2022 - 2023, Athanasios Vasileios Grammatopoulos

					
In collaboration with Systems Security Laboratory, Department of Digital Systems, University of Piraeus

				

				

					

					
<-- this is the end -->