Firefox (In) Security: Prasanna K Dead Pixel
Prasanna K
What & Who
This presentation demonstrates the strength of the Mozilla platform and how some of its features could be misused by malicious users.
This presentation is intended to dispel a common Myth.
Prasanna K: Independent Security Researcher, DeadPixel Group. Enjoys Python and rarely C.
Introduction
Mozilla Platform
Attacking Firefox
Malicious Extensions
XCS
Some basic points to watch….
Chrome: It could be used to indicate a “Special Trusted Zone” within the URL Scheme “chrome://”
Mozilla Platform
Extensions are Chrome Packages: XUL, XBL, CSS, JavaScript, DTD, images
Mozilla Platform
XUL (pronounced "zool"): XML User Interface Language
Mozilla's XML-based language that lets you build feature-rich cross platform applications that can run connected or disconnected from the Internet.
Extension User Interface....
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<window id="vbox example" title="Example 3...."
        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <vbox>
    <button id="yes" label="Yes"/>
    <button id="no" label="No"/>
    <button id="maybe" label="Maybe"/>
  </vbox>
</window>
Mozilla Platform
XBL (v2.0): XML-based markup language used to declare the behavior and look of XUL-widgets and XML elements.
Necko
Web Services
Now that we have seen the basic Architecture, now for some Fun
Malicious Extensions
XCS
Bypassing Wrappers
XBL Injection
Attacking XPCOM
Extensions
Extensions add functionality to Firefox, Thunderbird and Seamonkey.
Extensions (XPI) = Archive of files
XUL Overlay is a way of attaching XUL to existing Firefox XUL.
Easily Distributable
/install.rdf
/components/*
/components/cmdline.js
/defaults/
/defaults/preferences/*.js
/plugins/*
/chrome.manifest
/chrome/icons/default/*
/chrome/
/chrome/content/
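Because an XPI is just a zip archive with the layout above, a defender can audit one offline before installing it: native code under plugins/ or components/, a command-line handler, preference defaults, and chrome.manifest overlay directives that attach XUL to existing Firefox windows all deserve a look. The following is an added example, not code from the talk or from Mozilla; the XPI it inspects is constructed inline for demonstration, and the report field names are my own.

```python
import io
import zipfile

# Suffixes treated as native code when found under components/ (assumption:
# a practical heuristic, not an official Mozilla rule).
NATIVE_SUFFIXES = (".dll", ".so", ".dylib")

def audit_xpi(data: bytes) -> dict:
    """Inspect an XPI (zip archive) and summarise what it brings along."""
    report = {"has_install_rdf": False, "native_code": [], "cmdline_handlers": [],
              "preferences": [], "overlays": []}
    with zipfile.ZipFile(io.BytesIO(data)) as xpi:
        names = xpi.namelist()
        for name in names:
            if name == "install.rdf":
                report["has_install_rdf"] = True
            elif name.startswith("plugins/") or (
                    name.startswith("components/") and name.endswith(NATIVE_SUFFIXES)):
                report["native_code"].append(name)
            elif name == "components/cmdline.js":
                report["cmdline_handlers"].append(name)
            elif name.startswith("defaults/preferences/") and name.endswith(".js"):
                report["preferences"].append(name)
        if "chrome.manifest" in names:
            manifest = xpi.read("chrome.manifest").decode("utf-8", "replace")
            for line in manifest.splitlines():
                parts = line.split()
                # "overlay <target> <source>" attaches the extension's XUL to an
                # existing Firefox XUL document, e.g. the main browser window.
                if len(parts) == 3 and parts[0] == "overlay":
                    report["overlays"].append((parts[1], parts[2]))
    return report

def build_sample_xpi() -> bytes:
    """Constructed sample XPI (not a real extension) exercising each category."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        xpi.writestr("install.rdf", "<RDF/>")
        xpi.writestr("chrome.manifest",
                     "content sample chrome/content/\n"
                     "overlay chrome://browser/content/browser.xul "
                     "chrome://sample/content/overlay.xul\n")
        xpi.writestr("chrome/content/overlay.xul", "<overlay/>")
        xpi.writestr("components/cmdline.js", "// command-line handler")
        xpi.writestr("components/helper.dll", b"MZ")
        xpi.writestr("plugins/npsample.so", b"\x7fELF")
        xpi.writestr("defaults/preferences/prefs.js", 'pref("sample.enabled", true);')
    return buf.getvalue()

if __name__ == "__main__":
    for key, value in audit_xpi(build_sample_xpi()).items():
        print(f"{key}: {value}")
```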
Malicious Extensions
1. Log all Key Strokes and Send Remotely
2. Execute Native Code
DEMO
3. Crack Stored passwords
4. Add malicious site to NoScript.
Interesting Finds
DEMO
XBL Injection
https://developer.mozilla.org/en/Security_best_practices_in_extensions
Tools
Firebug
XUL Web Developer
XPComViewer
Venkman
Console2
Burp
Last Words
prasanna@deadpixel.org