Hack Firefox to steal web-secrets Sunil Arora

How many of you use Firefox?

Firefox and extensions
Firefox
- Claimed to be the most secure and most efficient web browser
Firefox extensions
- A way to extend Firefox, to customize it or add more functionality to it
- Most popular websites (Google, StumbleUpon, Facebook etc.) provide their toolbar in the form of an extension
- Popular functionality like FTP, CHMReader, Flashblock, Adblock etc. is available in the form of extensions

Agenda
- Malware overview
- Malware: how it works
- A look at existing vulnerabilities
- How malware can find its way onto the victim's Firefox
- Live demo

Let's meet John
- Uses the internet for social networking, for example Facebook, Orkut, MySpace etc.
- Uses email for professional as well as personal communication, for example Gmail, Yahoo or corporate web
- Uses the internet for his credit card transactions, for example Citibank, ICICI Bank, HSBC etc.
- Uses internet banking for managing his day-to-day finances
- Blogs on the internet for professional as well as personal purposes

John's online world

Problem statement
How to retrieve the values of elements like username, password, credit card number, IPIN etc. for a particular web resource (Gmail / Yahoo / banking website etc.)?

Malware - Architecture
- Target List
- Secret List
- Secret Collector Engine
- Communicator Module
Our malware is nothing but a malicious Firefox extension.

Malware - Secret Collector - I
- Intercept the HTTP requests being made by the browser
- Normal HTTP request process
- Parse the HTTP request and retrieve the user-typed web secrets

Malware - Secret Collector - II
How to intercept HTTP requests? The "notifications" mechanism in Firefox
- Different components within Firefox can register to send/receive notifications.
- Some standard notifications:
  - quit-application
  - memory-pressure
  - domwindowopened / domwindowclosed
  - http-on-modify-request / http-on-examine-response

Malware - Target List
Set of websites we want to steal secrets for
URL:
Number of attributes: 2
Attribute names: , Passwd

Malware - Secret List
Set of collected secrets
URL:
Number of attributes: 2
Name: , Name: Passwd Value: helloworld

Communicator Module
(Diagram: the Communicator Module connects the Target List and the Secret List to the Internet)

How it can find its way to John's Firefox - I
Installing the malicious extension
- Command line silent install (firefox.exe – install –silent …XXX)
- Using Firefox's extension installation wizard
- Copying the malicious extension's files into Firefox's extension directory

How it can find its way to John's Firefox - II
- Exploit a Firefox vulnerability (for example the extension upgrade vulnerability or the QuickTime RTSP vulnerability) to push the extension
- Install the malicious extension by exploiting a vulnerability in some other existing application
- Bundle it in some other popular extension and redistribute it
- Host the malicious extension on a web server and craft a web page to drive the user to install the hosted extension

Firefox extension upgrade vulnerability
Firefox upgrade mechanism
- Enables extensions to poll an Internet server for updates
- If an update is available, the extension will typically ask the user whether they wish to upgrade, and then download and install the new code
- Extensions fetching their update from a non-SSL (plain HTTP) web server instead of an SSL-enabled (HTTPS) web server are vulnerable to a DNS-based man-in-the-middle attack
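The weakness on this slide is a configuration property of the extension itself: the update URL in its manifest. The following audit script is an added example, not part of the presentation or of any real extension; it reads the update URL from a legacy install.rdf (em:updateURL, with em:updateKey as the signed-manifest mitigation) or from a WebExtension manifest.json (browser_specific_settings.gecko.update_url), and classifies a plain-HTTP update channel as exposed to exactly the DNS-based substitution the slide describes. The add-on id toolbar@example.invalid and the update hosts are constructed sample values; the weak manifest is shown beside its corrected HTTPS form.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace used by legacy install.rdf manifests for extension metadata.
EM_NS = "http://www.mozilla.org/2004/em-rdf#"

# Constructed sample install.rdf for a hypothetical toolbar@example.invalid add-on.
# The weak setting: the update manifest is polled over plain HTTP.
WEAK_INSTALL_RDF = """
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>toolbar@example.invalid</em:id>
    <em:version>1.1</em:version>
    <em:updateURL>http://updates.example.invalid/toolbar/update.rdf</em:updateURL>
  </Description>
</RDF>
"""

# The corrected setting: the same add-on, update manifest fetched over HTTPS.
FIXED_INSTALL_RDF = WEAK_INSTALL_RDF.replace("http://updates", "https://updates")

# Constructed WebExtension equivalent: update_url under browser_specific_settings.gecko.
SAMPLE_MANIFEST_JSON = json.dumps({
    "manifest_version": 2,
    "name": "Example Toolbar",
    "version": "1.6",
    "browser_specific_settings": {
        "gecko": {
            "id": "toolbar@example.invalid",
            "update_url": "https://updates.example.invalid/toolbar/updates.json",
        }
    },
})


def update_info_from_install_rdf(xml_text):
    """Return (update_url, has_update_key) from a legacy install.rdf.

    em:updateURL / em:updateKey may appear as child elements or as
    attributes of the Description node, so both forms are checked.
    """
    root = ET.fromstring(xml_text.strip())
    url, has_key = None, False
    for node in root.iter():
        found = node.findtext(f"{{{EM_NS}}}updateURL") or node.get(f"{{{EM_NS}}}updateURL")
        if found:
            url = found.strip()
        if node.find(f"{{{EM_NS}}}updateKey") is not None or node.get(f"{{{EM_NS}}}updateKey") is not None:
            has_key = True
    return url, has_key


def update_url_from_manifest(manifest_text):
    """Return the gecko update_url from a WebExtension manifest.json, or None."""
    manifest = json.loads(manifest_text)
    for key in ("browser_specific_settings", "applications"):
        gecko = manifest.get(key, {}).get("gecko", {})
        if gecko.get("update_url"):
            return gecko["update_url"]
    return None


def assess_update_url(url, has_update_key=False):
    """Classify how an extension's self-update channel can be tampered with."""
    if url is None:
        return "ok: no self-update URL, updates come only through the add-on store"
    scheme = urlsplit(url).scheme.lower()
    if scheme == "https":
        return "ok: update manifest fetched over TLS, a spoofed DNS answer alone cannot redirect it"
    if scheme == "http" and has_update_key:
        return "warn: plain HTTP, mitigated only by the signed update manifest (em:updateKey)"
    return "VULNERABLE: update manifest fetched over plain HTTP, a DNS-level man-in-the-middle can substitute the update"


def audit_legacy(xml_text):
    """Convenience wrapper: verdict for one install.rdf."""
    return assess_update_url(*update_info_from_install_rdf(xml_text))


if __name__ == "__main__":
    print("weak install.rdf :", audit_legacy(WEAK_INSTALL_RDF))
    print("fixed install.rdf:", audit_legacy(FIXED_INSTALL_RDF))
    print("manifest.json    :", assess_update_url(update_url_from_manifest(SAMPLE_MANIFEST_JSON)))
```

Run over an unpacked .xpi, the same functions can be pointed at its install.rdf or manifest.json; the verdict strings are ordered so that a plain-HTTP channel without a signing key is the only case reported as vulnerable.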

Facebook extension
- Facebook is a very popular social networking site. It provides an FF toolbar as an FF extension.
- Any FF with the Facebook toolbar (v1.1) is vulnerable to the update vulnerability.
- Package our malicious extension in the existing Facebook toolbar (v1.6) and push it through the update vulnerability.
- Once the malicious extension is installed in FF, the victim's FF is compromised.

Attack flow
(Diagram)
- Facebook extension update server (IP X)
- Attacker's update server, hosting the malicious extension (IP Y)
- John's FF running the Facebook extension, on an untrusted public network
- Hacker running the master server
Exchange shown:
1. John's FF: "What is the IP of the update server?"
2. Answer received: "Update server is at Y" (the attacker's server instead of X)
3. The malicious extension fetches target lists from the master server
4. It sends the collected secrets to the master server

Advisory
- Do not use a public computer for important information exchange
- Keep software up to date
- Install Firefox extensions from authentic sources only
- Regularly check the list of installed extensions
- Observe Firefox's performance; an anomaly in performance may be due to an unwanted extension
- Do not ignore the extension install warning
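"Regularly check the list of installed extensions" is the one advisory item that can be automated. The script below is an added example, not from the presentation; it reads a profile's extensions.json (the add-on registry Firefox keeps in the profile directory, e.g. ~/.mozilla/firefox/<profile>/extensions.json), builds an inventory, and compares it with a baseline recorded at an earlier check, so that a new add-on, a version jump like the toolbar's 1.1 to 1.6 from the Facebook example, or an add-on placed on disk outside the profile's own extensions folder shows up. The sample registry is constructed and limited to the fields the audit reads; the add-on ids are hypothetical, and treating any location other than "app-profile" as sideloaded is this example's heuristic.

```python
import json
import os

# Constructed sample of a profile's extensions.json. Only the fields this
# audit reads are included; ids and names are hypothetical.
SAMPLE_EXTENSIONS_JSON = json.dumps({
    "schemaVersion": 35,
    "addons": [
        {"id": "flashblock@example.invalid", "version": "1.5", "type": "extension",
         "location": "app-profile", "active": True,
         "defaultLocale": {"name": "Flashblock (sample)"}},
        {"id": "toolbar@example.invalid", "version": "1.6", "type": "extension",
         "location": "app-profile", "active": True,
         "defaultLocale": {"name": "Social Toolbar (sample)"}},
        {"id": "helper@example.invalid", "version": "0.1", "type": "extension",
         "location": "app-system-share", "active": True,
         "defaultLocale": {"name": "Helper (sample)"}},
    ],
})

# Baseline recorded at an earlier check: add-on id -> version (constructed).
BASELINE = {"flashblock@example.invalid": "1.5", "toolbar@example.invalid": "1.1"}


def inventory(extensions_json_text):
    """Map add-on id -> summary for every extension listed in extensions.json."""
    data = json.loads(extensions_json_text)
    result = {}
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # skip themes, dictionaries, language packs
        result[addon["id"]] = {
            "name": addon.get("defaultLocale", {}).get("name", addon["id"]),
            "version": addon.get("version"),
            "location": addon.get("location"),
            "active": bool(addon.get("active")),
        }
    return result


def diff_against_baseline(inv, baseline):
    """Report what changed since the last check and what arrived outside the profile."""
    added = sorted(i for i in inv if i not in baseline)
    removed = sorted(i for i in baseline if i not in inv)
    version_changed = sorted(
        (i, baseline[i], inv[i]["version"])
        for i in inv if i in baseline and baseline[i] != inv[i]["version"]
    )
    # Heuristic (this example's assumption): "app-profile" is where add-ons the
    # user installed into this profile live; any other location means the files
    # were placed outside the profile, i.e. sideloaded.
    sideloaded = sorted(
        i for i, e in inv.items() if e["active"] and e["location"] != "app-profile"
    )
    return {"added": added, "removed": removed,
            "version_changed": version_changed, "sideloaded": sideloaded}


def audit_profile_dir(profile_dir, baseline):
    """Run the same audit against a real profile directory."""
    with open(os.path.join(profile_dir, "extensions.json"), encoding="utf-8") as f:
        return diff_against_baseline(inventory(f.read()), baseline)


if __name__ == "__main__":
    report = diff_against_baseline(inventory(SAMPLE_EXTENSIONS_JSON), BASELINE)
    for key, items in report.items():
        print(f"{key}: {items}")
```

Store the inventory's id-to-version map after each run as the next baseline; a version change on an add-on the user did not knowingly update is the signal this slide's advice is looking for.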

Thank U