Description:
This video is aimed more at warning users about malicious browser plugins, than on keylogging. I chanced upon this video created by
Jabra (Just posted his
Unmasking You Defcon 17 talk a couple of minutes back) who demos a simple plugin called
Firefox Key-Logger and which, as it's name suggests, logs all the keystrokes you type into the browser.
The scary part is that once a plugin is activated, it runs with the same privileges as the browser itself. I can easily conceive of a trojan horse plugin which advertises say "download any video using this plugin" and then also secretly logs keystrokes and passwords, and sends them to a remote server without the user ever suspecting anything unusual. I am almost sure such plugins exist in the wild.
The Firefox Key-Logger itself could be used for malicious purposes - your visiting friend could unknowingly use your browser with the Key-logger plugin enabled and could end up disclosing his email etc. credentials to you :) I know this is pretty script kiddish :) but a hack nonetheless :)
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: