Full Disclosure mailing list archives
Fake Applications in browser
From: Roman Kümmel <ccuminn () soom cz>
Date: Sun, 17 Mar 2013 18:11:47 +0100
Hello to everyone,I thought to create any Proof of Concepts about faking applications in web browser after I saw "Browser Event hijacking" (http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/) with the CTRL+F trick and with fake search bar in browser.
It is possible to hijack user's admin password or their files with saved passwords or any configuration files, etc.
It is possible to make fake web browser in real web browser as well :) It allows to get Man in the middle position between users and web servers.
I presented this technique "Fake Applications in browser" in Prague at SOOM.cz Hacking & Security Conference (March 2013) and I describe it in the article http://www.soom.cz/index.php?name=articles/show&aid=637&title=Fake-Applications-in-Browser. It is written in czech language, so you must read it with (Google) translator.
Roman Kümmel aka .cCuMiNn. http://www.soom.cz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fake Applications in browser Roman Kümmel (Mar 17)