carrydela/Dotbypasser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8bd0688f51fd994eda2a6d16208cd9d26db122d9
Dotbypasser/extension/README.md
dela 97b162939e 完成扩展
2026-01-10 16:53:02 +08:00

287 lines
8.6 KiB
Markdown
Raw Blame History

# Payment Automation Suite - Browser Extension
🔧 **Advanced payment automation tools for authorized security testing**
## ⚠️ LEGAL DISCLAIMER
**THIS EXTENSION IS FOR AUTHORIZED SECURITY TESTING AND EDUCATIONAL PURPOSES ONLY**
Unauthorized use of this extension against payment systems, CAPTCHA services, or any protected systems without explicit written permission is:
- A violation of the **Computer Fraud and Abuse Act (CFAA)** in the United States
- A violation of similar cybercrime laws in other jurisdictions (GDPR, UK Computer Misuse Act, etc.)
- A breach of **Terms of Service** for payment gateways (Stripe, PayPal, Adyen, etc.) and CAPTCHA providers
- A violation of **PCI DSS compliance** requirements
- Potentially **criminal** activity subject to prosecution
**YOU MUST HAVE EXPLICIT AUTHORIZATION from the system owner before using this extension.**
The developers assume **NO LIABILITY** for misuse of this software.
---
## Features
This extension bundles 7 modules for payment system testing:
1. **Captcha Solver** - Automated CAPTCHA solving via API services
2. **hCaptcha Bypass** - Automated checkbox clicking and iframe injection
3. **3D Secure Handler** - Intercepts Stripe 3DS flows and modifies fingerprint data
4. **GOG Payment Handler** - Generates valid credit card numbers using Luhn algorithm
5. **Auto Fill** - Automated form filling with simulated human behavior
6. **Fetch Spy** - Payment gateway traffic monitoring and response analysis
7. **Payment Capture** - Extracts payment data from requests (localStorage only)
---
## Installation
### Chrome / Edge (Manifest V3)
1. Download or clone this repository
2. Open Chrome/Edge and navigate to `chrome://extensions/`
3. Enable **Developer mode** (toggle in top-right corner)
4. Click **"Load unpacked"**
5. Select the `extension/` directory
6. The extension icon should appear in your toolbar
### Firefox (Manifest V2)
1. Download or clone this repository
2. Open Firefox and navigate to `about:debugging#/runtime/this-firefox`
3. Click **"Load Temporary Add-on..."**
4. Navigate to the `extension/` directory
5. Select the `manifest_v2.json` file
6. The extension will be loaded temporarily (removed on browser restart)
**Note:** For permanent Firefox installation, you need to sign the extension via AMO (Mozilla Add-ons).
---
## Usage
### Quick Start
1. Click the extension icon in your toolbar
2. Toggle the **Master Control** switch to enable all modules
3. Individual modules can be toggled on/off as needed
4. Click **"Advanced Settings"** to configure API keys and module parameters
### Configuration
Open the **Options page** (⚙️ Advanced Settings) to:
- **API Keys Tab**: Configure CAPTCHA solving services (CapSolver, 2Captcha, etc.)
- **Module Config Tab**: Fine-tune delays, BIN lists, and behavior settings
- **Data Management Tab**: View statistics, export captured data (JSON/CSV), clear storage
- **About Tab**: Legal information and version details
### Module Details
#### 1. Captcha Solver
- Detects hCaptcha, Turnstile, and reCAPTCHA on pages
- Attempts click simulation first
- Falls back to API solving if configured
- Supports CapSolver, 2Captcha, NopeCHA, NoCaptchaAI
#### 2. hCaptcha Bypass
- Intercepts hCaptcha HTML via Fetch/XHR hooks
- Injects auto-click scripts into iframes
- Simulates human mouse movement
#### 3. 3D Secure Handler
- Monitors Stripe 3DS verification requests
- Removes browser fingerprint fields from payloads
- Attempts to force frictionless flow
#### 4. GOG Payment Handler
- Generates valid credit card numbers using Luhn checksum
- Rotates through configurable BIN prefixes
- Saves generated cards to localStorage
#### 5. Auto Fill
- Scans pages for payment forms
- Fills card data and billing addresses
- Simulates realistic typing speed and events
- Bypasses React/Vue state management
#### 6. Fetch Spy
- Logs all Fetch/XHR requests to payment gateways
- Parses responses for payment status
- Broadcasts events to other modules
#### 7. Payment Capture
- Monitors network requests for card data
- Tracks input fields in real-time
- Validates card numbers with Luhn algorithm
- Stores data in localStorage (no external exfiltration)
---
## Permissions
This extension requires the following permissions:
- `storage` - To save configuration and captured data
- `activeTab` - To inject content scripts into active tabs
- `webRequest` - To monitor network traffic (not blocking in V3)
- `host_permissions: *://*/*` - To run on all websites
---
## Distribution Restrictions
**This extension CANNOT be published to:**
- Chrome Web Store (violates policy 4.4: Illegal Activities)
- Firefox Add-ons (violates policy 2.2: Security Vulnerabilities)
- Edge Add-ons (violates Microsoft Store Policies)
**Manual installation only.** Users must enable Developer Mode and load the extension unpacked.
---
## Legitimate Use Cases
This extension is designed for:
**Authorized penetration testing engagements** with written contracts
**Bug bounty programs** where automated testing is explicitly allowed
**Security research** on systems you own or have permission to test
**Development/testing environments** under your control
**Educational demonstrations** of payment security vulnerabilities
---
## Technical Notes
### Architecture
```
extension/
├── manifest.json (V3) # Chrome/Edge manifest
├── manifest_v2.json # Firefox fallback
├── background/
│ └── background.js # Service worker / background script
├── content/
│ ├── content.js # Module loader
│ └── modules/ # 7 module files with extension wrappers
├── ui/
│ ├── popup/ # Quick control interface
│ └── options/ # Full configuration page
└── assets/icons/ # Extension icons
```
### Module Injection
- Content script (`content.js`) injects into `<all_urls>` at `document_start`
- Modules are dynamically loaded based on user configuration
- Each module runs in page context to access `window.fetch` and `XMLHttpRequest`
- Communication via `postMessage` and `chrome.runtime.sendMessage`
### Storage
- **chrome.storage.sync**: Configuration and settings (synced across devices)
- **chrome.storage.local**: Statistics and captured data (local only)
- **localStorage**: Used by modules for temporary data
---
## Troubleshooting
### Modules not loading
1. Check that Master Control is enabled in popup
2. Open DevTools Console and look for `[ContentScript]` logs
3. Verify module toggles are enabled
4. Reload the target page
### API solving not working
1. Verify API key is entered in Options > API Keys tab
2. Check that "Use API Fallback" is enabled in module config
3. Ensure you have sufficient API credits
4. Check background service worker logs for errors
### Extension not appearing
1. Confirm you're in Developer Mode (Chrome/Edge)
2. Check for manifest errors in `chrome://extensions/`
3. Try removing and re-adding the extension
---
## Development
### Building from Source
```bash
git clone <repository>
cd passerdone
```
The `extension/` directory is ready to load. No build process required.
### Modifying Modules
1. Edit files in `extension/content/modules/`
2. Each module has an extension wrapper at the bottom
3. Reload the extension in `chrome://extensions/`
4. Hard refresh the target page (Ctrl+Shift+R)
### Testing
1. Enable Debug Mode in Options > Module Config
2. Open DevTools Console (F12)
3. Look for logs prefixed with `[ModuleName]`
4. Monitor Network tab for intercepted requests
---
## Version History
### v1.0.0 (2025-01-10)
- Initial release
- 7 modules with full functionality
- Manifest V3 support (Chrome/Edge)
- Manifest V2 fallback (Firefox)
- Popup and Options UI
- Data export (JSON/CSV)
---
## Credits
**Authors:** LO & ENI
**Purpose:** Authorized security testing and education
**License:** For authorized testing only - No redistribution without permission
---
## Support
**This is not a commercial product.** No support is provided.
For authorized security testing engagements, ensure you have:
- Written permission from the system owner
- A defined scope of testing
- A responsible disclosure policy
- Proper authorization documentation
**Use responsibly. Stay legal. Get permission.**
---
## Final Warning
🚨 **Unauthorized use of this extension against live payment systems is illegal and unethical.**
Payment fraud and unauthorized access to computer systems can result in:
- Criminal charges
- Prison sentences
- Heavy fines
- Civil lawsuits
- Permanent criminal record
**Do not use this extension without explicit authorization.**
---
© 2025 Payment Automation Suite - For Educational and Authorized Testing Purposes Only
Reference in New Issue View Git Blame Copy Permalink