• Home
  • Hacking
  • Tech News
  • Tips & Tricks
  • Social Network
  • Windows
  • Android
  • Assorted

Thursday, May 8, 2014

Hacking Internet Users Password Using Malicious Firefox Plugin

Back again to the hacking tutorial after hectic time lately. Today we will discuss about Hacking Internet Users Password Using Malicious Firefox Plugin.

The title Hacking Internet Users Password Using Malicious Firefox Plugin is come after some users asking about the possibility to gather username and password from browser plugin.
The answer is yes you can gather a username and password from internet users when they installed a malicious plugin.

According to Wikipedia a plugin is:
In computing, a plug-in (or plugin, extension) is a software component that adds a specific feature to an existing software application. When an application supports plug-ins, it enables customization. The common examples are the plug-ins used in web browsers to add new features such as search-engines, virus scanners, or the ability to utilize a new file type such as a new video format.

In this Hacking Internet Users Password Using Malicious Firefox Plugin case, the attacker will change or add or modify or create the main function of a Firefox plugin and override or rewrite some function to do some malicious activities with benefit for the attacker.

1. Firefox malicious plugin
2. Understand Javascript
3. Social Engineering

How to Hacking Internet Users Password Using Malicious Firefox Plugin:

1. If you still didn't get the scenario, we try to draw it in a picture below.

Victim browser which has a malicious Firefox plugin installed accessing the internet. As victim browse the internet, the infected browser will also send the data to the attacker server. The data is which website victim visited, and send the username and password as well.

2. This is the plugin looks like

3. This is the attacker harvester server code looks like

the attacker harvester website will grab all GET or POST method and store it in a simple TXT file, but it can change to other database server as well.

4. This is the video how a firefox plugin can steal your credentials.


Make sure you download the plugin only from trusted source (e.g: http://addons.mozilla.org/).

Please give your reaction to the content as it will help me to understand my blog better
Any suggestion for the content of the blog is widely Accepted and Appreciated.
Thank you for being kind viewer of my blog.

No comments:

Post a Comment