Step 2: Register a Passkey on attacker.shc.me

This stores a passkey on attacker.shc.me so the attacker origin has a WebAuthn credential available for the combined request.

The passkey is created for RP ID attacker.shc.me on the attacker origin.

Passkey Registration

Click the button below and complete the browser or OS passkey prompt.

Notes:

If your browser asks where to save the passkey, choose any available authenticator.
After registration succeeds, continue to Step 3.

← Back to Step 1