Sunday, August 12, 2007

CookieInjector, part 2

CookieInjector can now log me in to Bank of America, Bloglines, DreamHost, Facebook, Gmail, RBC and TD Canada Trust. I am deeply indebted to Eric Lawrence for his Fiddler HTTP/S traffic sniffer.

One major lesson I have learned: banks have convoluted, mostly-broken web sites.

So far, I just have two of the components functioning:
  1. The library component to securely store passwords, authenticate to sites, and return the list of cookies
  2. The browser helper object to recognize when we are at a site for which my system can handle authentication

Still to do:
  1. Extend the BHO to invoke CardSpace using my CodeCompete SSL cert
  2. Write an IP/STS that shreds incoming requests, invokes the appropriate authentication, and returns the cookie

Now that CardSpace has an official icon, supported webpages automatically get the following overlay when the more secure form of authentication is available:


Comments:
Sounds very interesting, Colin. What are you using Fiddler for in this case? -EricLaw
 