Merged
10 changes: 4 additions & 6 deletions README.md
Expand Up @@ -118,24 +118,22 @@ No setup required. Open [Passkeys.Tools](https://passkeys.tools) in your browser

Intercept and modify live WebAuthn API calls using the browser extension:

1. **Download the extension:** Click "Extension" in the navbar to download the extension package.
1. **Install the extension:** Install the extension from the [Chrome Web Store](https://chromewebstore.google.com/detail/passkeystools-interceptor/jeocfgcignclemjmlnmmhlcnalfioflg).

2. **Install the extension:** Extract the archive. In Chrome, go to `chrome://extensions`, enable "Developer mode", click "Load unpacked", and select the extracted folder.

3. **Configure the extension:** Click the extension icon and configure:
2. **Configure the extension:** Click the extension icon and configure:
- **Frontend URL:** URL of your Passkeys.Tools instance (default: `https://passkeys.tools`)
- **Operation Mode:** Select "Default" for normal per-site credential scoping
- **Popup Display Mode:** Choose "Detached Window" or "Inline Popup"

4. **Start intercepting:** Visit any website using WebAuthn. When a registration or authentication triggers, Passkeys.Tools opens automatically for inspection and modification.
3. **Start intercepting:** Visit any website using WebAuthn. When a registration or authentication triggers, Passkeys.Tools opens automatically for inspection and modification.

**Use when:** You need to test a relying party's server-side validation by modifying live WebAuthn responses.

### Cross-Browser Mode

Share data between multiple browser profiles for cross-session attack testing:

1. **Install the extension** in all Chrome profiles you want to use.
1. **Install the extension** from the [Chrome Web Store](https://chromewebstore.google.com/detail/passkeystools-interceptor/jeocfgcignclemjmlnmmhlcnalfioflg) in all Chrome profiles you want to use.

2. **Configure Operation Mode:** Select "Profile 1" in one browser (e.g., attacker) and "Profile 2" in another (e.g., victim).

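Review bot: the removed step 2 on the `2. **Install the extension:** Extract the archive. In Chrome, go to `chrome://extensions`, enable "Developer mode", click "Load unpacked"...` line was the only documented way to load a locally reviewed copy of the extension, and the replacement step points solely at the Chrome Web Store listing. Since the extension hooks `navigator.credentials` on every site the user visits, some readers will want to read the code before installing it; suggest keeping a short alternative sub-step alongside the store link, along the lines of `Alternatively, load a local copy via chrome://extensions, "Developer mode", "Load unpacked".`, so that path is not lost from the README.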
11 changes: 4 additions & 7 deletions frontend/html/info.html
Expand Up @@ -37,7 +37,7 @@ <h6><i class="bi bi-box me-2"></i>Standalone Mode</h6>

<h6><i class="bi bi-lightning me-2"></i>Interceptor Mode</h6>
<p class="text-muted small mb-2">Live interception and modification of WebAuthn API calls</p>
<p>Builds on Standalone Mode by adding real-time interception via the <a href="extension.zip">browser extension</a>. The extension hooks into the WebAuthn API to capture and modify all <code>navigator.credentials.create()</code> and <code>get()</code> calls before they reach the relying party—similar to <a href="https://portswigger.net/burp">Burp Suite</a> but specialized for WebAuthn. Data remains in localStorage. Use passthrough to forward the request to your browser's or device's native authenticator (Touch ID, Windows Hello, etc.). The response is captured and displayed for inspection or modification before sending back to the relying party.</p>
<p>Builds on Standalone Mode by adding real-time interception via the <a href="https://chromewebstore.google.com/detail/passkeystools-interceptor/jeocfgcignclemjmlnmmhlcnalfioflg" target="_blank">browser extension</a>. The extension hooks into the WebAuthn API to capture and modify all <code>navigator.credentials.create()</code> and <code>get()</code> calls before they reach the relying party—similar to <a href="https://portswigger.net/burp">Burp Suite</a> but specialized for WebAuthn. Data remains in localStorage. Use passthrough to forward the request to your browser's or device's native authenticator (Touch ID, Windows Hello, etc.). The response is captured and displayed for inspection or modification before sending back to the relying party.</p>
lonetis marked this conversation as resolved.
<p><strong>Use when:</strong> You need to test a relying party's server-side validation by modifying live WebAuthn responses.</p>
<p class="mb-3"><strong>Example:</strong> Intercept a registration, replace the challenge with random bytes, and verify if the server properly validates challenge binding. Or flip a bit in the signature to test signature verification.</p>

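Review bot: the new anchor on the `<a href="https://chromewebstore.google.com/detail/passkeystools-interceptor/..." target="_blank">browser extension</a>` line opens in a new tab without `rel="noopener noreferrer"`. Current browsers imply `noopener` for `target="_blank"`, but setting it explicitly keeps older browsers from handing the store tab a `window.opener` reference that could navigate this page (reverse tabnabbing), which matters on a page that, as the same paragraph says, keeps its data in localStorage. Suggest `<a href="..." target="_blank" rel="noopener noreferrer">`.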
Expand Down Expand Up @@ -82,7 +82,7 @@ <h6><i class="bi bi-arrow-left-right me-2"></i>Converters</h6>
<p class="mb-3">Encoding utilities for Base64, Base64URL, and Hex conversions. Convert keys between JWK, COSE, PEM, and DER formats for compatibility with different tools and libraries.</p>

<h6><i class="bi bi-lightning me-2"></i>Interceptor</h6>
<p>Central hub for live WebAuthn interception (requires <a href="extension.zip">browser extension</a>). View request details, select credentials and keys, apply one-click security tests (challenge manipulation, signature tampering, flag modifications), and craft custom responses. Use passthrough to forward requests to your native authenticator and capture real responses for inspection or modification.</p>
<p>Central hub for live WebAuthn interception (requires <a href="https://chromewebstore.google.com/detail/passkeystools-interceptor/jeocfgcignclemjmlnmmhlcnalfioflg" target="_blank">browser extension</a>). View request details, select credentials and keys, apply one-click security tests (challenge manipulation, signature tampering, flag modifications), and craft custom responses. Use passthrough to forward requests to your native authenticator and capture real responses for inspection or modification.</p>
lonetis marked this conversation as resolved.
</div>
</div>
</div>
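Review bot: the same missing `rel="noopener noreferrer"` applies to the `target="_blank"` anchor in this hunk. Separately, info.html now mixes conventions for external links: the Burp Suite anchor `<a href="https://portswigger.net/burp">` in the earlier hunk opens in the same tab while the Web Store link opens in a new one. Pick one behaviour for all external links in this file so users get a consistent cue that they are leaving Passkeys.Tools.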
Expand All @@ -107,10 +107,7 @@ <h6><i class="bi bi-lightning me-2"></i>Interceptor Mode Setup</h6>

<ol>
<li class="mb-2">
<strong>Download the extension:</strong> Click <a href="extension.zip">Extension</a> in the navbar to download the extension package.
</li>
<li class="mb-2">
<strong>Install the extension:</strong> Extract the downloaded archive. In Chrome, navigate to <code>chrome://extensions</code>, enable "Developer mode" (top right), click "Load unpacked", and select the extracted extension folder.
<strong>Install the extension:</strong> Install the extension from the <a href="https://chromewebstore.google.com/detail/passkeystools-interceptor/jeocfgcignclemjmlnmmhlcnalfioflg" target="_blank">Chrome Web Store</a>.
lonetis marked this conversation as resolved.
</li>
<li class="mb-2">
<strong>Configure the extension:</strong> Click the extension icon in your browser toolbar to open the popup. Configure these settings:
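Review bot: dropping the `<li>` for "Download the extension" renumbers every later step in this `<ol>`, so any text that cites Interceptor Mode steps by number needs re-checking. The one visible reference, "see Interceptor Mode steps 1-2" in the Cross-Browser Mode list, is updated in the next hunk, and README.md in this PR renumbers the same list; worth a final pass to confirm the README and info.html step numbers still match. The new `target="_blank"` anchor here also lacks `rel="noopener noreferrer"`, as on the other store links.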
Expand All @@ -135,7 +132,7 @@ <h6><i class="bi bi-window-stack me-2"></i>Cross-Browser Mode Setup</h6>

<ol>
<li class="mb-2">
<strong>Install the extension</strong> in all Chrome profiles you want to use (see Interceptor Mode steps 1-2).
<strong>Install the extension</strong> from the <a href="https://chromewebstore.google.com/detail/passkeystools-interceptor/jeocfgcignclemjmlnmmhlcnalfioflg" target="_blank">Chrome Web Store</a> in all Chrome profiles you want to use.
lonetis marked this conversation as resolved.
</li>
<li class="mb-2">
<strong>Configure Operation Mode:</strong> In the extension popup, select <em>Profile 1</em> in one browser (e.g., attacker) and <em>Profile 2</em> in another (e.g., victim). All websites will share the same credential scoped to the selected profile, enabling cross-browser credential swapping tests.
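Review bot: the full Chrome Web Store URL is now pasted verbatim into four places across README.md, info.html and nav.html. A re-created listing gets a new extension ID, and one forgotten copy would then send users to a dead or wrong listing, so consider a single shared constant or include for the store URL in the HTML. It would also help to keep the extension's name next to each link (the listing slug is `passkeystools-interceptor`) so users can confirm they are installing the intended item rather than a look-alike.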
2 changes: 1 addition & 1 deletion frontend/html/nav.html
Expand Up @@ -77,7 +77,7 @@
</ul>
</li>
<li class="nav-item me-1">
<a class="nav-link" href="/extension.zip" download>
<a class="nav-link" href="https://chromewebstore.google.com/detail/passkeystools-interceptor/jeocfgcignclemjmlnmmhlcnalfioflg" target="_blank">
lonetis marked this conversation as resolved.
<i class="bi bi-puzzle"></i> Extension
</a>
</li>
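Review bot: with the `download` attribute gone, the `Extension` nav item now leaves the site in a new tab, but its label and icon are unchanged, so nothing tells the user they are about to be sent to the Chrome Web Store. Add `rel="noopener noreferrer"` to the new `<a class="nav-link" ... target="_blank">` and consider an external-link cue, for example a `title="Install from the Chrome Web Store"` attribute or a small external-link icon next to the puzzle icon.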
Binary file removed frontend/public/extension.zip
Binary file not shown.
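Review bot: removing `frontend/public/extension.zip` is the right call from a supply-chain standpoint (a zip served beside the site has no store review and no update channel for users who loaded it unpacked), but it only helps if nothing still references the file. This PR fixes nav.html and the two info.html anchors; a grep for `extension.zip` across the rest of the frontend and docs before merge would confirm no remaining link now 404s.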