browser-auth-flow

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Browser Auth Flow

Adversarial probe of a site's authentication. Drives the login flow once, records the trajectory, then runs a configurable set of probes against the captured artifacts and live page. Output is a structured

findings.md

inside the RVF container.

对网站认证流程进行对抗性探测。先执行一次登录流程并记录轨迹，然后针对捕获的信息和实时页面运行一组可配置的探测。输出内容为RVF容器内的结构化

findings.md

文档。

When to use

适用场景

Pre-deployment audit of a new auth flow.
Investigating a suspected token leak or redirect issue.
Establishing a baseline for ongoing regression checks.

新认证流程部署前的审计。
调查疑似的令牌泄露或重定向问题。
为持续回归检查建立基准。

Steps

步骤

Open a recorded session via
```
browser-record
```
.
Drive the auth flow as in
```
browser-login
```
(credentials come from
```
--credentials <handle>
```
referencing
```
browser-cookies
```
if the run is a re-auth probe).
Run probes:
- csrf
  : inspect the login POST in the trajectory; verify a same-origin token field is present and non-empty.
- redirect
  : watch
```
browser_get-url
```
  after each nav for cross-origin redirects with auth state in the URL or fragment. Flag any token-bearing URL that crosses an origin boundary.
- cookie
  : walk
```
document.cookie
```
  via
```
browser_eval
```
  . For each cookie, check
```
Secure
```
  ,
```
HttpOnly
```
  ,
```
SameSite
```
  , expiry, and entropy of the value. Flag missing flags or short tokens. Pass each through
```
aidefence_scan
```
  to flag PII embedded in cookie values.
- oauth
  : if the flow involves a third-party provider, capture the authorization request, verify
```
state
```
  and
```
nonce
```
  are present and high-entropy, verify
```
redirect_uri
```
  matches the registered callback domain.
Quarantine any token / credential / PII captured during probing — it stays inside the RVF container's findings, never returns to the model unredacted (
```
aidefence_is_safe
```
gate from
```
browser-extract
```
applies if you read the findings back).
Write
findings.md
with one section per probe, severity rating per finding, and a
```
verdict
```
(pass / warn / fail).
Index the session in
```
browser-sessions
```
with
```
tag: auth-probe
```
so future audits compare against it.

通过
browser-record
打开已录制的会话。
按照
browser-login
的方式执行认证流程（如果是重新认证探测，凭据来自
```
--credentials <handle>
```
，引用
```
browser-cookies
```
）。
运行探测：
- csrf
  ：检查轨迹中的登录POST请求；验证是否存在同源令牌字段且非空。
- redirect
  ：在每次导航后通过
```
browser_get-url
```
  监控包含认证状态的跨源重定向（URL或片段中）。标记任何跨越源边界且携带令牌的URL。
- cookie
  ：通过
```
browser_eval
```
  遍历
```
document.cookie
```
  。针对每个Cookie，检查
```
Secure
```
  、
```
HttpOnly
```
  、
```
SameSite
```
  属性、过期时间以及值的熵值。标记缺失必要属性或令牌过短的情况。将每个Cookie传入
```
aidefence_scan
```
  ，标记嵌入在Cookie值中的PII。
- oauth
  ：如果流程涉及第三方提供商，捕获授权请求，验证
```
state
```
  和
```
nonce
```
  是否存在且具有高熵值，验证
```
redirect_uri
```
  是否与注册的回调域名匹配。
隔离探测过程中捕获的任何令牌/凭据/PII——它们仅保留在RVF容器的结果中，绝不会以未编辑的形式返回给模型（如果您读取结果，
```
browser-extract
```
中的
```
aidefence_is_safe
```
网关会生效）。
生成
findings.md
：每个探测对应一个章节，每个结果包含严重性评级，以及一个
```
verdict
```
（通过/警告/失败）。
在
browser-sessions
中索引会话，添加
```
tag: auth-probe
```
，以便未来审计时进行对比。

Caveats

注意事项

This skill probes; it does not exploit. Do not chain follow-up requests using a captured token.
Credentials must come from a vaulted handle or interactive entry. Never hardcode them in the field map.
Some probes require multiple page loads. Trajectory step count for an auth probe typically lands at 15–40 steps; budget accordingly.
The output is structured for human review. Do not auto-act on findings without surfacing them to the user first.

本技能仅用于探测，不用于攻击。请勿使用捕获的令牌发起后续请求。
凭据必须来自加密存储的句柄或交互式输入。切勿在字段映射中硬编码凭据。
部分探测需要多次页面加载。认证探测的轨迹步骤数通常在15–40步之间，请合理分配资源。
输出内容为结构化格式，供人工审核。在未将结果展示给用户之前，请勿自动根据结果执行操作。