Full Disclosure mailing list archives

Fake Applications in browser


From: Roman Kümmel <ccuminn () soom cz>
Date: Sun, 17 Mar 2013 18:11:47 +0100

Hello to everyone,
I thought to create some proofs of concept about faking applications in the web browser after I saw "Browser Event hijacking" (http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/) with the CTRL+F trick and the fake search bar in the browser.

It is possible to hijack a user's admin password, or their files with saved passwords, or any configuration files, etc.

It is possible to make a fake web browser in a real web browser as well :) It allows getting a man-in-the-middle position between users and web servers.

I presented this technique "Fake Applications in browser" in Prague at the SOOM.cz Hacking & Security Conference (March 2013) and I describe it in the article http://www.soom.cz/index.php?name=articles/show&aid=637&title=Fake-Applications-in-Browser. It is written in the Czech language, so you must read it with a (Google) translator.

Roman Kümmel aka .cCuMiNn.
http://www.soom.cz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

