![]() The fraudster responsible for creating the malicious add-on claims (in poor English) to have been developing Mozilla add-ons since 2009, yet only created an account on the site last month: Mozilla will be automatically disabling the add-on for anyone who has downloaded and installed it.īefore the add-on was pulled, Hartmann also posted a short review to warn other users: ![]() This function searches for any forms that have non-empty password fields and then uses two other functions to send the purloined data to the fraudster:Īfter working out that the Mozilla Sniffer add-on was at fault, Hartmann reported the problem to and was impressed by Mozilla's fast and professional response - he received a reply within minutes and the extension was pulled from the site shortly afterwards. This injects a new search() function, which is called whenever a form is submitted by the browser. The Mozilla Sniffer add-on overwrote some of the original Tamper Data files, and also added a new script named tamperPost.js. Hartmann said this was a "nice way of hiding backdoor code". He was surprised to find the backdoor code in a popular security testing add-on called Tamper Data, although this was because the real rogue add-on - Mozilla Sniffer - was sharing the same UUID as the Tamper Data add-on, which meant it had overwritten the contents of the well-trusted Tamper Data directory. Hartmann assumed that this nefarious behaviour was caused by one of the new add-ons he had just installed, so he set about extracting the source code from the add-ons and searched for the hidden URL. This request transmitted his username and password to the remote server, as well as the URL of the login page. When Hartmann logged into his friend's game, he noticed an unusual HTTP request being made to an unrelated address at. I started Burp Suite Pro in parallel to check whatĪdditional help I can get from the extensions, and to watch what they Me and started to have a look at a friend's online game from a security Security Collection a try, installed a bundle of extensions unknown to The backdoor was fortunately discovered by Mozilla user Johann-Peter Hartmann of SektionEins while he was using the Mozilla Sniffer add-on to test the security of a friend's online game. However, using the Mozilla Sniffer add-on would have introduced an unexpected vulnerability in any application being tested - whenever a login form was submitted, the add-on secretly sent a copy of the URL, password and other details to an IP address presumably controlled by the malicious author. This set of tools is popular within the security community, as it simplifies the process of discovering vulnerabilities in web applications. The rogue Mozilla Sniffer add-on was included in the Web Application Security Penetration Testing collection. * Each socket on a browser is now represented by a single stream.A backdoor has been discovered among a collection of security testing tools for Firefox. * Stream sniffing: Sniff encrypted network activity. * Traffic monitoring: Track surfing activities containing encrypted data (Current tracking products can only report IPs.) * Spam filtering: Filter encrypted Outlook mail sessions. * Traffic control: Forward data to any proxy, local or remote. * Parental control: Filter SSL data based on keywords - unlike current SSL filtering, which is based on IPs. This one-of-a-kind SDK opens the door to a number of exciting possibilities: We have decided to release a very straightforward free HTTP and HTTPS sniffer (SSL sniffer) for Internet Explorer (versions 6.0 and 7.0) and Mozilla Firefox, in order to demonstrate the abilities of our SSL redirector SDK platform.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |