Hacking internet users password using malicious firefox plugin

images

Back again to the hacking tutorial after hectic time lately. Today we will discuss about Hacking Internet Users Password Using Malicious Firefox Plugin.

he title Hacking Internet Users Password Using Malicious Firefox Plugin is come after some users asking about the possiblity to gather username and password from browser plugin.

The answer is yes you can gather a username and password from internet users when they installed a malicious plugin.According to wikipedia a plugin is

In computing, a plug-in (or plugin, extension) is a software component that adds a specific feature to an existing software application. When an application supports plug-ins, it enables customization. The common examples are the plug-ins used in web browsers to add new features such as search-engines, virus scanners, or the ability to utilize a new file type such as a new video format.

in this Hacking Internet Users Password Using Malicious Firefox Plugin case, the attacker will change or add or modify or create the main function of a firefox plugin and override or rewrite some function to do some malicious activities with benefit for the attacker.

Requirements:

1. Firefox malicious plugin

2. Understand Javascript

3. Social Engineering

1. If you still didn’t get the scenario, we try to draw it in a picture below.

ff-plugin1

Victim browser which has a malicious Firefox plugin installed accessing the internet. As victim browse the internet, the infected browser will also send the data to the attacker server. The data is which website victim visited, and send the username and password as well.

2. This is the plugin looks like

ff-plugin2

3. This is the attacker harvester server code looks like

ff-plugin3

– the attacker harvester website will grab all GET or POST method and store it in a simple TXT file, but it can change to other database server as well.

4. This is the video how a firefox plugin can steal your credentials.

Source <hacking-tutorial>

Mail: tmtuyen89@gmail.com
Blog: mrlonely909

Advertisements

One comment on “Hacking internet users password using malicious firefox plugin

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s