Chrome/Firefox extension for pen-testing to retrieve encryption keys of Widevine protected content !DON'T DECRYPT CONTENT UNLESS YOU HAVE THE RIGHT TO DO IT!
Go to file
2024-04-13 05:12:23 +09:00
.gitattributes Initial commit 2024-04-09 08:46:15 +09:00
background.js Initial commit 2024-04-09 08:46:15 +09:00
content.js Initial commit 2024-04-09 08:46:15 +09:00
icon.png Initial commit 2024-04-09 08:46:15 +09:00
inject.js Initial commit 2024-04-09 08:46:15 +09:00
LICENSE Initial commit 2024-04-09 08:46:15 +09:00
manifest.json Initial commit 2024-04-09 08:46:15 +09:00
popup.html meta 2 2024-04-13 05:12:23 +09:00
popup.js Autoselect PSSH when there is one detected PSSH 2024-04-13 05:10:10 +09:00
README.md Update README.md 2024-04-12 02:07:41 +09:00

WVGuesserExtension

Instalation

  1. Setup Guesser API (Guide)

  2. Install extension

    • Firefox

      1. Navigate to about:debugging#/runtime/this-firefox

      2. Load temporary addon

    • Chrome

      1. Navigate to chrome://extensions/

      2. Load unpacked

    • Kiwi Browser(Android) NOTE:Remote API needed; Not work with Termux for now

      1. Navigate to ︙ --> Extensions

      2. +(from .zip/.crx/.user.js)

Demo

demo.webm

Todo

  • Support custom payload scheme

  • Improve UI

Disclaimer

This extension is for educational and researchment purpose.

Only use it for content for which you own the rights and do not use it for piracy purposes.

How it works?

diagram drawio

  1. inject.js injected by content.js gets Widevine PSSH by hooking EME.
  2. background.js fetches POST URLs/Headers
  3. PSSHs will passed by this route inject.js-->content.js-->background.js-->popup.js
  4. PSSHs+URLs+Headers will passed by this route background.js-->popup.js
  5. popup.js will contols UI(popup.html)
  6. User input into UI
  7. popup.js sends key request to Guesser API