The title Hacking Internet Users Password Using Malicious Firefox Plugin is come after some users asking about the possiblity to gather username and password from browser plugin.
The answer is yes you can gather a username and password from internet users when they installed a malicious plugin.According to wikipedia a plugin is
In computing, a plug-in (or plugin, extension) is a software component that adds a specific feature to an existing software application. When an application supports plug-ins, it enables customization. The common examples are the plug-ins used in web browsers to add new features such as search-engines, virus scanners, or the ability to utilize a new file type such as a new video format.
in this Hacking Internet Users Password Using Malicious Firefox Plugin case, the attacker will change or add or modify or create the main function of a firefox plugin and override or rewrite some function to do some malicious activities with benefit for the attacker.
1. Firefox malicious plugin
1. If you still didn't get the scenario, we try to draw it in a picture below.
Victim browser which has a malicious Firefox plugin installed accessing the internet. As victim browse the internet, the infected browser will also send the data to the attacker server. The data is which website victim visited, and send the username and password as well.
2. This is the plugin looks like
3. This is the attacker harvester server code looks like
the attacker harvester website will grab all GET or POST method and store it in a simple TXT file, but it can change to other database server as well.
4. This is the video how a firefox plugin can steal your credentials.
1. Make sure you download the plugin only from trusted source (e.g: http://addons.mozilla.org/).
2. We still prepare the plugin to download. Follow and like our Facebook page https://www.facebook.com/computer.hacking.tutorial for the news update.
Hope it's useful 🙂