Chrome/Firefox extension for pen-testing to retrieve encryption keys of Widevine protected content !DON'T DECRYPT CONTENT UNLESS YOU HAVE THE RIGHT TO DO IT!
chrome-extensionchrome-extensionsdrmencrypted-media-extensionsfirefox-add-onsfirefox-addonfirefox-addonsfirefox-extensionfirefox-extensionsfirefox-webextensionpyodidepywidevinewasmweb-extweb-extensionweb-extensionswebassemblywebextensionwebextensionswidevine
pyodide | ||
python | ||
wheels | ||
.gitattributes | ||
.gitignore | ||
background.js | ||
content.js | ||
CONTRIBUTION.md | ||
icon.png | ||
inject.js | ||
LICENSE | ||
manifest.json | ||
popup_drawList.js | ||
popup.html | ||
popup.js | ||
README.md |
WVGuesserExtension-NextGen
Extension works standalone.
Not anymore need WVCore.Server API setup!
Looking for legacy version?: https://github.com/FoxRefire/wvg/tree/legacy
Instalation
-
Donwload or clone this code
-
At the same directory of
manifest.json
(root directory of this extension), put the device file nameddevice.wvd
-
Install extension
-
Firefox
1. Navigate to
about:debugging#/runtime/this-firefox
2. Load temporary addon
-
Chrome
1. Navigate to
chrome://extensions/
2. Load unpacked
-
Kiwi Browser(Android)
1. Navigate to ︙ --> Extensions
2. +(from .zip/.crx/.user.js)
-
Demo
Todo
- Improve UI
Disclaimer
This extension is for educational and researchment purpose.
Only use it for content for which you own the rights and do not use it for piracy purposes.
How it works?
- inject.js injected by content.js gets Widevine PSSH by hooking EME.
- background.js fetches POST URLs/Headers
- PSSHs will passed by this route inject.js-->content.js-->background.js-->popup.js
- PSSHs+URLs+Headers will passed by this route background.js-->popup.js
- popup.js will contols UI(popup.html)
- User input into UI
- popup.js calls pywidevine script using pyodide in browser