Custom BPCE Authentication with Escape
Description
The 'Custom BPCE' preset implements authentication for BPCE (Banque Populaire Caisse d'Epargne) banking systems:
- Multi-Environment Support: Automatically detects and handles both Banque Populaire (BP) and Caisse Epargne (CE) environments based on user identifier.
- PKCE OAuth Flow: Implements OAuth 2.0 Authorization Code flow with PKCE for secure authentication.
- Virtual Keyboard OCR: Uses advanced OCR with the existing lightweight CNN model to automatically recognize digits from BPCE's virtual keyboard.
- Two-Factor Authentication: Handles SMS OTP verification as second authentication factor.
- Intelligent Digit Recognition: Employs a hybrid approach with CNN prediction, confidence-based fallback, and position-based mapping for maximum reliability.
Technical Implementation:
- OCR Engine: Leverages the existing ocr_model.h5 CNN model for digit recognition from virtual keyboard images
- Fallback System: Three-tier recognition system (high confidence → medium confidence → position-based) ensures 100% digit coverage
- Environment Detection: Automatically selects BP or CE configuration based on user identifier prefix
- SAML Integration: Handles complex SAML request/response flow required by BPCE systems
Performance: This method uses only HTTP requests plus OCR processing, making it more efficient than full browser automation while still performing the virtual keyboard interaction that keeps the credential exchange secure.
Security: Implements PKCE OAuth 2.0 flow with virtual keyboard interaction, providing bank-grade security without exposing credentials in plain text.
Use Cases: Specifically designed for BPCE banking authentication in automated security testing scenarios where traditional OAuth flows are not sufficient due to virtual keyboard requirements.
Examples

```yaml
presets:
  - type: custom_bpce
    environment: BP
    users:
      - username: D0013772
        otp: '00000000'
        password: '12121212'
      - username: C0098765
        otp: '12345678'
        password: '87654321'
```
Extensive Configuration
Property | Type | Default | Description |
---|---|---|---|
environment * | string | | Environment for BPCE authentication (BP or CE) |
extractions | List[HTTPExtraction] | null | The extraction configuration used to extract additional data from HTTP responses. By default, the access token (AT) is extracted. |
injections | List[HTTPInjection] | null | The injection configuration used to inject tokens into HTTP requests. |
type * | Const[custom_bpce] | custom_bpce | |
users * | List[CustomBpceUserPreset] | | A list of users to authenticate with BPCE |
Objects
CustomBpceUserPreset
Property | Type | Default | Description |
---|---|---|---|
cookies | Dict[string, string] | null | Optional cookies injected during the authentication process and in authenticated requests. |
headers | Dict[string, string] | null | Optional headers injected during the authentication process and in authenticated requests. |
otp | string | 00000000 | The OTP/SMS code for second-factor authentication. Defaults to a test value. |
password * | string | | The password (PIN) of the user for BPCE authentication. |
query_parameters | Dict[string, string] | null | Optional query parameters injected during the authentication process and in authenticated requests. |
username * | string | | The username of the user. |
HTTPExtraction
Property | Type | Default | Description |
---|---|---|---|
key * | string | | The key to use for the extracted value, depending on the location |
location * | HTTPLocation | | The location of the HTTP request where the value should be extracted |
name * | string | | The name of the variable to store the extracted value into |
regex | string | null | The regex to use to extract the token from the key value. By default, the entire value is taken. |
HTTPInjection
Property | Type | Default | Description |
---|---|---|---|
key * | string | | The key to use for the injected token. Its usage depends on the location. For headers, cookies, and query parameters, this key is the name of the header, cookie or query parameter. For a body location, the key is the field where the token should be injected within the request body. |
location * | HTTPLocation | | The location of the HTTP request where the token should be injected |
prefix | string | null | A prefix to prepend to the token before it is injected |
variable * | string | | The name of the variable whose value is used to build the token. If not provided, the token will be inferred as the first successful extraction of the procedure |
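As an added example that is not part of the Escape documentation, the following configuration combines the preset with one explicit HTTPExtraction and one HTTPInjection, so that a value pulled from the login responses is replayed on every authenticated request. The response header name `X-Session-Token` and the replayed header name are assumptions used for illustration, not values documented for BPCE on this page:

```yaml
presets:
  - type: custom_bpce
    environment: CE            # CE user identifiers start with C
    users:
      - username: C0098765
        password: '87654321'   # PIN entered through the virtual keyboard via OCR
        otp: '12345678'        # SMS OTP used as the second factor
        headers:
          X-Requested-With: XMLHttpRequest   # sent during auth and in authenticated requests
    # Additional extraction on top of the access token extracted by default.
    # `X-Session-Token` is an assumed response header, not one documented here.
    extractions:
      - name: bpce_session_token
        location: header
        key: X-Session-Token
        regex: 'token=([A-Za-z0-9._-]+)'   # capture only the token part of the header value
    # Replay the extracted value as a header on subsequent requests.
    injections:
      - location: header
        key: X-Session-Token                # assumed header name
        prefix: 'Session '
        variable: bpce_session_token
```

Without a `regex`, the whole header value would be stored in `bpce_session_token`; the `prefix` is prepended at injection time, so the stored variable keeps the raw token.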
Enums
HTTPLocation
Value |
---|
header |
cookie |
body |
query |