Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hack Firefox to steal web-secrets Sunil Arora. How many of you use Firefox ?

Published byBernard O’Brien’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Hack Firefox to steal web-secrets Sunil Arora. How many of you use Firefox ?"— Presentation transcript:

1 Hack Firefox to steal web-secrets Sunil Arora

2 How many of you use Firefox ?

3 Firefox and extensions Firefox  Claimed to be most secure and most efficient web browser Firefox extensions  A way to extend Firefox to customize or add more functionality to it  Most of the popular websites (Google, Stumbleupon, Facebook etc.) provide their toolbar in form of extension  Popular functionalities like FTP, CHMReader, Flashblock, Adblock etc are available in form extensions

4 Agenda Malware overview Malware – How it works A look at existing vulnerabilities How malware can find its way on to victim’s Firefox Live demo

5 Lets meet john Uses internet for social networking. For example Facebook, orkut, myspace etc. Uses Email for professional as well as personal communication. For ex. Gmail, Yahoo or Corporate webemail Uses internet for his credit card transactions. For ex. Citibank, ICICI bank, HSBC etc Uses internet banking for managing his day to day finance activity Blogs on internet for professional as well as personal purpose.

6 John’s online world Problem Statement How to retrieve values of elements like username, password, credit card number, IPIN etc for a particular web resource (Gmail /Yahoo/Banking website etc)

7 Malware -Architecture Target List Secret List Secret Collector Engine Communicator Module Our Malware is nothing but a malicious Firefox extension

8 Intercept http requests being made by the browser Malware - Secret Collector -I Normal http request process Parse http request And Retrieve user typed Web secrets

9 Malware - Secret Collector - II Different Components within the Firefox can register to send/receive notifications. Some standard notifications --  quit-application  memory-pressure  Domwindowopened / domwindowclosed  http-on-modify-request / http-on-examine- response How to intercept http request ??? “Notifications” mechanism in Firefox

10 Malware -Target List Set of websites we want to steal secrets for URL: https://www.google.com/Authhttps://www.google.com/Auth Number of attributes: 2 Attribute Names: Email, Passwd

11 Malware - Secret List Set of collected secrets URL: https://www.google.com/Authhttps://www.google.com/Auth Number of attributes: 2 Name: Email, Value:john@gmail.com Name:Passwd Value:helloworld

12 Communicator Module Target ListSecret List Internet

13 How it can find its way to john’s Firefox - I Installing malicious extension  Command line silent install (firefox.exe – install –silent …XXX)  Using Firefox’s extension installation wizard  Copy malicious extension’s file in extension directory of Firefox

14 Exploit FireFox’s vulnerability (For ex. Extension upgrade vulnerability, quicktime RSTP vulnerability) to push the extension Installing the malicious extension exploiting vulnerability in some other existing application Bundle it in some other popular extension and redistribute Host malicious extension on a webserver and craft a webpage to drive user to install the hosted extension How it can find its way to john’s FireFox - II

15 Firefox extension upgrade vulnerability Firefox upgrade mechanism  enabling the extensions to poll an Internet server for updates  If an update is available, the extension will typically ask the user if they wish to upgrade, and then will download and install the new code.  Extensions fetching update from a http://www.xxx.com (non-SSL webserver) instead of https://www.xxx.com (SSL enabled webserver) are vulnerable to DNS based man in the middle attack. http://www.xxx.comhttps://www.xxx.com

16 Facebook Extension Facebook is a very popular social network site. It provides a FF toolbar as an FF extension. Any FF with facebook toolbar (v 1.1) is vulnerable to update vulnerability. Package our malicious extension in existing facebook toolbar (v1.6) and will push it through the update vulnerability Once malicious extension is installed in FF. The victim’s FF is compromised.

17 Attack Flow Facebook extension update Server Attacker’s update Server Hosting malicious extension Untrusted public network John’s FF running Facebook extensionHacker running Master Server X Y What is IP of update server Update server is at Y Fetches Target Lists Sends collected Secrets

18 Advisory Do not use public computer for important information exchange Up-to-date Software Install Firefox extensions from authentic sources (https://addons.mozilla.org) only Regularly check list of installed extensions Observe Firefox’s performance. Anomaly in performance may be due to an unwanted extension Do not ignore extension install warning

19 Thank U arora.sunil@gmail.com

Download ppt "Hack Firefox to steal web-secrets Sunil Arora. How many of you use Firefox ?"

Similar presentations

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
Computer Security at HomeSlide 1 Computer Security Major Security and Privacy Threats Using The Internet At Home.

Computer Security at HomeSlide 1 Computer Security Major Security and Privacy Threats Using The Internet At Home.
4.01 How Web Pages Work.

4.01 How Web Pages Work.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.

Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Topics in this presentation: The Web and how it works Difference between Web pages and web sites Web browsers and Web servers HTML purpose and structure.

Topics in this presentation: The Web and how it works Difference between Web pages and web sites Web browsers and Web servers HTML purpose and structure.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
1. Introduction The underground Internet economy Web-based malware The system analyzing the post-infection network behavior of web-based malware How do.

1. Introduction The underground Internet economy Web-based malware The system analyzing the post-infection network behavior of web-based malware How do.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Module 1: Installing Internet Information Services 5.0.

Module 1: Installing Internet Information Services 5.0.

Similar presentations

Ads by Google