Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Fake Applications in browser
From: Roman Kümmel <ccuminn () soom cz>
Date: Sun, 17 Mar 2013 18:11:47 +0100

Hello to everyone,
I thought to create any Proof of Concepts about faking applications in web browser after I saw "Browser Event hijacking" (http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/) with the CTRL+F trick and with fake search bar in browser.

It is possible to hijack user's admin password or their files with saved passwords or any configuration files, etc.

It is possible to make fake web browser in real web browser as well :) It allows to get Man in the middle position between users and web servers.

I presented this technique "Fake Applications in browser" in Prague at SOOM.cz Hacking & Security Conference (March 2013) and I describe it in the article http://www.soom.cz/index.php?name=articles/show&aid=637&title=Fake-Applications-in-Browser. It is written in czech language, so you must read it with (Google) translator.

Roman Kümmel aka .cCuMiNn.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Fake Applications in browser Roman Kümmel (Mar 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]