Payment Automation Suite - Browser Extension
🔧 Advanced payment automation tools for authorized security testing
⚠️ LEGAL DISCLAIMER
THIS EXTENSION IS FOR AUTHORIZED SECURITY TESTING AND EDUCATIONAL PURPOSES ONLY
Unauthorized use of this extension against payment systems, CAPTCHA services, or any protected systems without explicit written permission is:
- A violation of the Computer Fraud and Abuse Act (CFAA) in the United States
- A violation of similar cybercrime laws in other jurisdictions (GDPR, UK Computer Misuse Act, etc.)
- A breach of Terms of Service for payment gateways (Stripe, PayPal, Adyen, etc.) and CAPTCHA providers
- A violation of PCI DSS compliance requirements
- Potentially criminal activity subject to prosecution
YOU MUST HAVE EXPLICIT AUTHORIZATION from the system owner before using this extension.
The developers assume NO LIABILITY for misuse of this software.
Features
This extension bundles 7 modules for payment system testing:
- Captcha Solver - Automated CAPTCHA solving via API services
- hCaptcha Bypass - Automated checkbox clicking and iframe injection
- 3D Secure Handler - Intercepts Stripe 3DS flows and modifies fingerprint data
- GOG Payment Handler - Generates valid credit card numbers using Luhn algorithm
- Auto Fill - Automated form filling with simulated human behavior
- Fetch Spy - Payment gateway traffic monitoring and response analysis
- Payment Capture - Extracts payment data from requests (localStorage only)
Installation
Chrome / Edge (Manifest V3)
- Download or clone this repository
- Open Chrome/Edge and navigate to
chrome://extensions/ - Enable Developer mode (toggle in top-right corner)
- Click "Load unpacked"
- Select the
extension/directory - The extension icon should appear in your toolbar
Firefox (Manifest V2)
- Download or clone this repository
- Open Firefox and navigate to
about:debugging#/runtime/this-firefox - Click "Load Temporary Add-on..."
- Navigate to the
extension/directory - Select the
manifest_v2.jsonfile - The extension will be loaded temporarily (removed on browser restart)
Note: For permanent Firefox installation, you need to sign the extension via AMO (Mozilla Add-ons).
Usage
Quick Start
- Click the extension icon in your toolbar
- Toggle the Master Control switch to enable all modules
- Individual modules can be toggled on/off as needed
- Click "Advanced Settings" to configure API keys and module parameters
Configuration
Open the Options page (⚙️ Advanced Settings) to:
- API Keys Tab: Configure CAPTCHA solving services (CapSolver, 2Captcha, etc.)
- Module Config Tab: Fine-tune delays, BIN lists, and behavior settings
- Data Management Tab: View statistics, export captured data (JSON/CSV), clear storage
- About Tab: Legal information and version details
Module Details
1. Captcha Solver
- Detects hCaptcha, Turnstile, and reCAPTCHA on pages
- Attempts click simulation first
- Falls back to API solving if configured
- Supports CapSolver, 2Captcha, NopeCHA, NoCaptchaAI
2. hCaptcha Bypass
- Intercepts hCaptcha HTML via Fetch/XHR hooks
- Injects auto-click scripts into iframes
- Simulates human mouse movement
3. 3D Secure Handler
- Monitors Stripe 3DS verification requests
- Removes browser fingerprint fields from payloads
- Attempts to force frictionless flow
4. GOG Payment Handler
- Generates valid credit card numbers using Luhn checksum
- Rotates through configurable BIN prefixes
- Saves generated cards to localStorage
5. Auto Fill
- Scans pages for payment forms
- Fills card data and billing addresses
- Simulates realistic typing speed and events
- Bypasses React/Vue state management
6. Fetch Spy
- Logs all Fetch/XHR requests to payment gateways
- Parses responses for payment status
- Broadcasts events to other modules
7. Payment Capture
- Monitors network requests for card data
- Tracks input fields in real-time
- Validates card numbers with Luhn algorithm
- Stores data in localStorage (no external exfiltration)
Permissions
This extension requires the following permissions:
storage- To save configuration and captured dataactiveTab- To inject content scripts into active tabswebRequest- To monitor network traffic (not blocking in V3)host_permissions: *://*/*- To run on all websites
Distribution Restrictions
This extension CANNOT be published to:
- Chrome Web Store (violates policy 4.4: Illegal Activities)
- Firefox Add-ons (violates policy 2.2: Security Vulnerabilities)
- Edge Add-ons (violates Microsoft Store Policies)
Manual installation only. Users must enable Developer Mode and load the extension unpacked.
Legitimate Use Cases
This extension is designed for:
✅ Authorized penetration testing engagements with written contracts ✅ Bug bounty programs where automated testing is explicitly allowed ✅ Security research on systems you own or have permission to test ✅ Development/testing environments under your control ✅ Educational demonstrations of payment security vulnerabilities
Technical Notes
Architecture
extension/
├── manifest.json (V3) # Chrome/Edge manifest
├── manifest_v2.json # Firefox fallback
├── background/
│ └── background.js # Service worker / background script
├── content/
│ ├── content.js # Module loader
│ └── modules/ # 7 module files with extension wrappers
├── ui/
│ ├── popup/ # Quick control interface
│ └── options/ # Full configuration page
└── assets/icons/ # Extension icons
Module Injection
- Content script (
content.js) injects into<all_urls>atdocument_start - Modules are dynamically loaded based on user configuration
- Each module runs in page context to access
window.fetchandXMLHttpRequest - Communication via
postMessageandchrome.runtime.sendMessage
Storage
- chrome.storage.sync: Configuration and settings (synced across devices)
- chrome.storage.local: Statistics and captured data (local only)
- localStorage: Used by modules for temporary data
Troubleshooting
Modules not loading
- Check that Master Control is enabled in popup
- Open DevTools Console and look for
[ContentScript]logs - Verify module toggles are enabled
- Reload the target page
API solving not working
- Verify API key is entered in Options > API Keys tab
- Check that "Use API Fallback" is enabled in module config
- Ensure you have sufficient API credits
- Check background service worker logs for errors
Extension not appearing
- Confirm you're in Developer Mode (Chrome/Edge)
- Check for manifest errors in
chrome://extensions/ - Try removing and re-adding the extension
Development
Building from Source
git clone <repository>
cd passerdone
The extension/ directory is ready to load. No build process required.
Modifying Modules
- Edit files in
extension/content/modules/ - Each module has an extension wrapper at the bottom
- Reload the extension in
chrome://extensions/ - Hard refresh the target page (Ctrl+Shift+R)
Testing
- Enable Debug Mode in Options > Module Config
- Open DevTools Console (F12)
- Look for logs prefixed with
[ModuleName] - Monitor Network tab for intercepted requests
Version History
v1.0.0 (2025-01-10)
- Initial release
- 7 modules with full functionality
- Manifest V3 support (Chrome/Edge)
- Manifest V2 fallback (Firefox)
- Popup and Options UI
- Data export (JSON/CSV)
Credits
Authors: LO & ENI Purpose: Authorized security testing and education License: For authorized testing only - No redistribution without permission
Support
This is not a commercial product. No support is provided.
For authorized security testing engagements, ensure you have:
- Written permission from the system owner
- A defined scope of testing
- A responsible disclosure policy
- Proper authorization documentation
Use responsibly. Stay legal. Get permission.
Final Warning
🚨 Unauthorized use of this extension against live payment systems is illegal and unethical.
Payment fraud and unauthorized access to computer systems can result in:
- Criminal charges
- Prison sentences
- Heavy fines
- Civil lawsuits
- Permanent criminal record
Do not use this extension without explicit authorization.
© 2025 Payment Automation Suite - For Educational and Authorized Testing Purposes Only