In connection with recent developments in the world, network users are increasingly thinking about their security: some refuse to use a number of web services, some delete personal information, photos and other data from social networks, and some "block" their accounts. But most of this data is deleted only visually, which is, in principle, a well-known fact.
Since a significant share of my acquaintances do not have sufficient knowledge of IT, it takes a lot of effort to get them to use unfamiliar services or utilities that I consider safe.
I offer a relatively simple way to set up a secure channel for text communication over the well-known VK network. It requires no additional software and no extensive knowledge of information security. All you need is a web browser and the GreaseMonkey add-on.
General information
The purpose of this method is to create a channel controlled by the interlocutors themselves, without an intermediary, i.e. to keep the server from seeing unencrypted message text. Of course, a typical man-in-the-middle attack by substitution of the public key is quite possible, but very unlikely, since what we fear is not real-time eavesdropping but the potential compromise of message text in the near future, for example at the request of the special services.
As I said above, the idea was to create my own messenger (well, you understand, with what). Why? For a couple of reasons:
- My friends and I can trust my product;
- I can make it what I want;
- It's fun!
But this comes with some difficulties, among them both developing the product and introducing it among non-programmers. Therefore VKontakte was chosen as the subject of these perversions, and the GreaseMonkey add-on became the platform for implementing the final product:
- Most friends use exactly VKontakte;
- It's pretty easy to explain the process of deploying my script.
Some well-known technical details
Given the audience this article is intended for, I will not explain how to install GreaseMonkey and my script. If you do not know how to do it, read the manual, for example here (thanks to Google for this link).
The encryption mechanism chosen is, of course, the one and only RSA in its standard implementation. There is no point in explaining this mechanism either, since the article is not about it but about automating the process; but, just in case, two-way asymmetric encryption looks like this:
- The interlocutors exchange public keys. This process is automated by our script.
- One of the interlocutors sends a message. This message is encrypted with the partner's public key.
- The other one receives this message. It is decrypted with the recipient's own private key.
The process in the picture:

To implement the RSA algorithm, I used its JS implementation written by the guys from Stanford. It was one of the first that caught my eye and it met all my expectations perfectly, so I used it.
Closer to the point
So what does the script do?
- Injects itself into the VK page when it is opened and patches the document, adding a handler for the CTRL+SHIFT+V key combination;
- When that combination is pressed, adds buttons for sending encrypted messages and for generating a public key for the partner;
- Responds to messages like "%n:__" and "%m:_", replacing them with notifications about the receipt of the partner's public key or with the decrypted text;
- Patches DOM elements with attributes prefixed with "vksl-" to save their state.
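The exchange described earlier, the two message kinds the script reacts to, and a key fingerprint whose comparison over another channel exposes the public-key substitution mentioned at the start, as an added example (not the script's own code). It uses Node's built-in crypto module with RSA-OAEP in place of the Stanford library; the base64 payload after the prefixes, the fingerprint helper and all function names are assumptions.

```javascript
// Added example: Node's built-in crypto stands in for the script's RSA library.
const nodeCrypto = require("node:crypto");
// Assumed wire format: the article's prefixes followed by a base64 payload.
const KEY_PREFIX = "%n:", MSG_PREFIX = "%m:";
function newPeer() {
  const pair = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { ...pair, partnerKey: null };
}
// Step 1: publish our public key as an ordinary chat message.
function announceKey(peer) {
  const der = peer.publicKey.export({ type: "spki", format: "der" });
  return KEY_PREFIX + der.toString("base64");
}
// Short digest of an announcement, to be compared over a second channel.
function fingerprint(announcement) {
  const der = Buffer.from(announcement.slice(KEY_PREFIX.length), "base64");
  return nodeCrypto.createHash("sha256").update(der).digest("hex").slice(0, 16);
}

// Step 2: encrypt for the partner with RSA-OAEP (Node's default padding).
function sendEncrypted(peer, text) {
  const ct = nodeCrypto.publicEncrypt(peer.partnerKey, Buffer.from(text, "utf8"));
  return MSG_PREFIX + ct.toString("base64");
}

// Step 3 and key reception: how each incoming chat line is handled.
function receive(peer, line) {
  const body = Buffer.from(line.slice(KEY_PREFIX.length), "base64");
  if (line.startsWith(KEY_PREFIX)) {
    peer.partnerKey = nodeCrypto.createPublicKey({ key: body, format: "der", type: "spki" });
    return { kind: "key", fingerprint: fingerprint(line) };
  }
  if (line.startsWith(MSG_PREFIX)) {
    const text = nodeCrypto.privateDecrypt(peer.privateKey, body).toString("utf8");
    return { kind: "text", text };
  }
  return { kind: "plain", text: line }; // ordinary, unencrypted message
}

function demoExchange() {
  const alice = newPeer(), bob = newPeer(), relay = newPeer(); // relay = the server
  const fromAlice = announceKey(alice);
  // Bob's view of the key he received versus what Alice sees on her side.
  const honest = receive(bob, fromAlice).fingerprint === fingerprint(fromAlice);
  const swapped = receive(bob, announceKey(relay)).fingerprint === fingerprint(fromAlice);
  receive(bob, fromAlice); receive(alice, announceKey(bob));
  const wire = sendEncrypted(alice, "привет"); // constructed sample text
  return { honest, swapped, wire, text: receive(bob, wire).text };
}
```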
Brief instruction
When you open the chat page, the message “VKSL loaded” should appear in the upper right corner (you may have to press F5 if you came from another page). After pressing CTRL+SHIFT+V on the chat page, we get another message about the successful (or unsuccessful) injection of the encoder into the page code.
After that, each of the interlocutors must click on the link "GENERATE KEYS NOW". After a few (perhaps tens of) seconds, a message will appear saying that the key has been generated and sent. Accordingly, the interlocutor at the other end will also be notified of this.
Now you can begin to communicate. To send a normal message, use the standard button; to send an encrypted message, click on “SEND ENCRYPTED”. The script at the other end will understand what to do when an encrypted message is received.
Problems that I have so far been too lazy to fix (but should)
- The script does not work in conferences, and is designed only for two-way communication.
- The maximum length of a message at the moment is only 32 bytes. The text needs to be split into blocks and encrypted block by block, not the way it is done now.
- Pressing "Enter" triggers the native send. It takes a little more digging through the code to replace this event as well.
- Attachments are not encrypted because they are not actually part of the message.
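One way to lift the message-length limit by encrypting block by block, as an added example (not the script's own code). It uses Node's built-in crypto module, so the block size here follows from RSA-OAEP on a 2048-bit key; the "." separator, the base64 payload and all function names are assumptions.

```javascript
// Added example: Node's built-in crypto, not the RSA library the script uses.
const nodeCrypto = require("node:crypto");

// Largest RSA-OAEP plaintext for a 2048-bit key with SHA-1 (Node's default):
// 256 - 2*20 - 2 = 214 bytes.
const MAX_BLOCK = 214;
const MSG_PREFIX = "%m:"; // prefix from the article; payload layout is assumed

function encryptLong(publicKey, text, blockSize = MAX_BLOCK) {
  const bytes = Buffer.from(text, "utf8");
  const blocks = [];
  for (let off = 0; off < bytes.length; off += blockSize) {
    const chunk = bytes.subarray(off, off + blockSize);
    blocks.push(nodeCrypto.publicEncrypt(publicKey, chunk).toString("base64"));
  }
  return MSG_PREFIX + blocks.join("."); // "." never occurs in base64
}

function decryptBlocks(privateKey, wire) {
  return wire.slice(MSG_PREFIX.length).split(".").filter(Boolean)
    .map((b64) => nodeCrypto.privateDecrypt(privateKey, Buffer.from(b64, "base64")));
}

// Join the bytes first and decode once: a block boundary can fall in the
// middle of a multi-byte UTF-8 character (every Cyrillic letter is 2 bytes).
function decryptLong(privateKey, wire) {
  return Buffer.concat(decryptBlocks(privateKey, wire)).toString("utf8");
}

// Decoding block by block instead corrupts characters split by a boundary.
function decryptPerBlock(privateKey, wire) {
  return decryptBlocks(privateKey, wire).map((b) => b.toString("utf8")).join("");
}

function demoLong() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const text = "привет"; // constructed sample: 12 bytes, 2 per letter
  const wire = encryptLong(publicKey, text, 5); // small blocks force mid-letter splits
  return {
    blocks: wire.split(".").length,
    joined: decryptLong(privateKey, wire),
    perBlock: decryptPerBlock(privateKey, wire),
  };
}
```

Each block is an independent ciphertext, so the server can still drop or reorder blocks without the recipient noticing; a hybrid scheme, where RSA only wraps a symmetric key used with an authenticated cipher, removes both that gap and the per-block size limit.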
You can install the script from here:
http://userscripts.org/scripts/show/396094
Thank you for your attention!
EDIT: I apologize for the many spelling mistakes that readers kindly brought to my attention. It seems that everything is fixed.