[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Fake Applications in browser

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Fake Applications in browser
From: Roman Kümmel <ccuminn@xxxxxxx>
Date: Sun, 17 Mar 2013 18:11:47 +0100

Hello to everyone,

I thought to create any Proof of Concepts about faking applications inweb browser after I saw "Browser Event hijacking"(http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/) with theCTRL+F trick and with fake search bar in browser.

It is possible to hijack user's admin password or their files with savedpasswords or any configuration files, etc.

It is possible to make fake web browser in real web browser as well :)It allows to get Man in the middle position between users and web servers.

I presented this technique "Fake Applications in browser" in Prague atSOOM.cz Hacking & Security Conference (March 2013) and I describe it inthe articlehttp://www.soom.cz/index.php?name=articles/show&aid=637&title=Fake-Applications-in-Browser.It is written in czech language, so you must read it with (Google)translator.


Roman Kümmel aka .cCuMiNn.
http://www.soom.cz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] NOPcon 2013 - Call for paper - Istanbul , Turkey
Next by Date: Re: [Full-disclosure] "Data-Clone" -- a new way to attack android apps
Previous by thread: [Full-disclosure] NOPcon 2013 - Call for paper - Istanbul , Turkey
Next by thread: [Full-disclosure] [SECURITY] [DSA 2650-2] libvirt regression update
Index(es):
- Date
- Thread