技能 编程开发 浏览器认证流程对抗性探查

浏览器认证流程对抗性探查

v20260707
browser-auth-flow
该工具用于驱动和审计网站的整个认证流程,执行一系列可配置的对抗性安全探查。它可以检查是否存在关键安全漏洞,例如缺少CSRF令牌、不安全的会话Cookie、危险的重定向泄露,以及OAuth配置错误。最终生成结构化的发现报告,适用于部署前的安全审计。
获取技能
130 次下载
概览

Browser Auth Flow

Adversarial probe of a site's authentication. Drives the login flow once, records the trajectory, then runs a configurable set of probes against the captured artifacts and live page. Output is a structured findings.md inside the RVF container.

When to use

  • Pre-deployment audit of a new auth flow.
  • Investigating a suspected token leak or redirect issue.
  • Establishing a baseline for ongoing regression checks.

Steps

  1. Open a recorded session via browser-record.

  2. Drive the auth flow as in browser-login (credentials come from --credentials <handle> referencing browser-cookies if the run is a re-auth probe).

  3. Run probes:

    • csrf: inspect the login POST in the trajectory; verify a same-origin token field is present and non-empty.
    • redirect: watch browser_get-url after each nav for cross-origin redirects with auth state in the URL or fragment. Flag any token-bearing URL that crosses an origin boundary.
    • cookie: walk document.cookie via browser_eval. For each cookie, check Secure, HttpOnly, SameSite, expiry, and entropy of the value. Flag missing flags or short tokens. Pass each through aidefence_scan to flag PII embedded in cookie values.
    • oauth: if the flow involves a third-party provider, capture the authorization request, verify state and nonce are present and high-entropy, verify redirect_uri matches the registered callback domain.
  4. Quarantine any token / credential / PII captured during probing — it stays inside the RVF container's findings, never returns to the model unredacted (aidefence_is_safe gate from browser-extract applies if you read the findings back).

  5. Write findings.md with one section per probe, severity rating per finding, and a verdict (pass / warn / fail).

  6. Index the session in browser-sessions with tag: auth-probe so future audits compare against it.

Caveats

  • This skill probes; it does not exploit. Do not chain follow-up requests using a captured token.
  • Credentials must come from a vaulted handle or interactive entry. Never hardcode them in the field map.
  • Some probes require multiple page loads. Trajectory step count for an auth probe typically lands at 15–40 steps; budget accordingly.
  • The output is structured for human review. Do not auto-act on findings without surfacing them to the user first.
信息
Category 编程开发
Name browser-auth-flow
版本 v20260707
大小 3.02KB
更新时间 2026-07-14
语言