Firefox is known as the most used web browser in the world. But only few people know how malicious code can be embedded in your Firefox without Antivirus or Firewall even notice it. In this case, You’re about to see how powerful Firefox keylogger addon is. Its ability to log the keystrokes whenever a victim type something within his browser is the main fun part of this firefox keylogger addon.

Here’s the short excerpt taken from the artile written by armando romeo :

My small POC consists of a keylogger written in javascript and embedded into Firefox browser in form of extension. This code can be injected into any known/famous addon without even noticing it since it creates no warnings at Antiviruses (it’s just legal javascript) and no warning from Firewalls since the logs of the keystrokes are sent through Firefox on port 80 to a malicious server.
Firewalls allow Firefox on port 80 if you want to browse the internet, so no way to understand what’s going on under the hood unless you track all the packets going out of your internet interface. The POC is an installable extension that once installed it doesn’t add anything to the Firefox appearance.

Get it here : http://www.hackerscenter.com/public/Firefox_poc/poc_keylogger.zip
More information :
http://blogs.hackerscenter.com/2008/04/firefox-addons-threat.html

The addon which is used in the video might not related to the firefox keylogger addon created by armando , but it’s still nice to watch anyway. So here’s the firefox keylogger addon video :

Firefox Keylogger from Jabra on Vimeo.

Related articles :

• Orange UK exiles Firefox from call centers (theregister.co.uk)
• Mozilla To Launch “Build Your Own Browser” (tech.slashdot.org)
• Mozilla to let enterprise users build custom Firefox-based browsers (downloadsquad.com)

It’s a bit late to introduce this tool anyway , but it’s still interesting to talk about this tool! The tool is called Browser Fuzzer 2 , developed by Jeremy Brown @ Krakow Labs. This tool allows you to fuzz any browsers you’d like to fuzz by fuzzing CSS,DOM,HTML and JavaScript. The main purpose of this tool is to fuzz web browsers as they process data and render content.

How to use Browser Fuzzer 2 :

1) Set up a place for output and pick a fuzzing phase.

rush@linux:~$ mkdir fuzz
rush@linux:~$ perl bf2.pl -o /home/rush/fuzz -p 4

Krakow Labs Development [krakowlabs.com] -> bf2
“Browser Fuzzer 2 — The bugs cannot hide anymore”
rush@KL (Jeremy Brown) [rush@krakowlabs.com]

bf2[phase four] JS Process Engaged. This could take some time (and disc space)!

[STAGE-> 1] Writing fuzz data to /home/rush/Desktop/fuzz
[STAGE-> 2] Writing fuzz data to /home/rush/Desktop/fuzz
[STAGE-> 3] Writing fuzz data to /home/rush/Desktop/fuzz
[STAGE-> 4] Writing fuzz data to /home/rush/Desktop/fuzz
[STAGE-> 5] Writing fuzz data to /home/rush/Desktop/fuzz

bf2[phase four] JS Process Complete (Final Count: 8004). Point your browser to /home/rush/fuzz/js1.html and monitor for exceptions

rush@linux:~$

2) Open the browser you wish to fuzz (in a debugger or with one attached if you like) and send it to the address of
xxxx1.html, where xxxx is the name of the phase you selected to fuzz.

Download Browser Fuzzer 2 : http://www.krakowlabs.com/dev/fuz/bf2/bf2.tar.gz

Related articles :

• Internet Explorer? Tuibguy says “No, Thanks!”
• TV Repair Update
• Internet Explorer security alert: Your questions answered

If you’re a regular network security pentesting guy , you must have used mostly network security tools to secure/pentest the network. Well , you should now add Network Security Toolkit (NST) to your list. As a bootable Network Security Toolkit , NST will provide you with some network security related tools inside the distro. When you reboot a system with the NST CD-ROM loaded, a trimmed-down version of Redhat Linux 9 opens. After the OS is running, you can access the tools on the CD-ROM through the local console, through a serial connection, via the network from another system, or through a Web browser.

Here are some packages you’ll find in NST v1.8.1 :

cadaver
ccrypt
davfs2
firefox flagfox add-on
http_ping
libportaudio
lua
psyco
radialnet
ruby
rubygems
wvdial
argus to version 3.6.
BASE interface to version 1.4.1.
dmidecode to version: 2.10.
elinks to version 0.11.5.
firefox add-on LinkChecker to v0.6.3.
firefox to version 2.0.0.19.
fwbuilder to version 3.0.3.
GeoIP tool to version: v1.4.5.
inprotect to version 0.80.2.
iperf to version: 2.0.4
ipmitool to v1.8.10.
metasploit to version: 3.2.
nikto to version 2.03.
nmap to version: 4.76.
ntop to version: 3.3.9 svn: 3648.
open-vm-tools to version: 2008.12.23-137496.
phpMyAdmin to version: 3.1.1.
phpPgAdmin to version: 4.2.2
quickrestart to version: 1.1.3.
snort to version 2.8.3.1.
wireshark to version 1.0.5.
zenmap to version: 4.76.

Download NST v1.8.1 ISO : http://downloads.sourceforge.net/nst/nst-1.8.1.iso.gz
Read NST v1.8.1 Documentation :http://24.97.150.195/nstwiki/index.php/Main_Page

Related articles by Zemanta

• Step-by-Step: The Do-It-Yourself Security Audit
• Step-by-Step: The Do-It-Yourself Security Audit
• Change Chrome’s channel to get beta features

Almost of Myspace Users are dying to know how to hack private myspace profiles. Hacking private Myspace Profiles is the way too old shcool now (and I don’t think there’s still a quite security hole on Myspace anymore). You must have noticed that the only way that you can view the private myspace profiles is by adding them as friends but most of you just want to do that in some particular reasons (even it’s mostly because you don’t know them). Viewing private Myspace profiles can be very tricky , since the security hole has been patched since 2006 , and you guys still want to hack private myspace profiles ?

I don’t blame you if you’re dreaming to be able to hack private myspace profiles. But please be realistic , there’s no trick that lasts forever dude! But in this article , I want to share a trick that I found on someone’s blog about hacking private myspace profiles. MySpace private profiles are a great feature, however they can be a real annoyance when it comes to finding friends that you haven’t seen in a long time, or becoming friends with people that you think look cool. So many MySpace users have been trying to find a way around to view private MySpace profiles, but this private profile hindrance keeps stopping them.

Now,here’s the working method in hacking private myspace profiles 2009 :

Firefox with Google Toolbar is 100% free, there is no catch or anything extra you have to do besides download it and run it. The best part is, you don’t have to replace your current web browser like Internet Explorer with it. You can keep this and only run it when you want to view private MySpace profiles

Ok, now after clicking on the download link, you can download and run the program to install Firefox immediately by selecting the “Run” option. However, you also have the option to save the file to your computer by clicking on “save”. Then once downloaded on your computer, you can run the file by clicking on it where you saved it. It will then go through the installation process. Once the installation process is completed, you will need to run Firefox to get onto the internet. Then you will be able to start the MySpace private profile process.

First, sign into your MySpace account. Then go to the private MySpace profile that you are trying to view. Once you’re there, here is what you do:

- Click on the “View” link in on the menu bar in Mozilla Firefox.

- Next, in the drop-down, select “Page Style”.

- You will then see two options. Select “No Style” from these options.

It’s that simple!

Related articles :

• Browsing History
• Browser wars update: Firefox is up, IE is down, Google dumps IE6
• Google’s Browser Security Handbook
• Internet Explorer Ends the Year with Market Share Losses to Firefox, Safari, and Chrome