Thursday, December 09, 2010

FFsniFF (FireFox sniFFer)

FFsniFF is a simple Firefox extension, which transforms your browser into the html form sniffer. Every time the user click on 'Submit' button, FFsniFF will try to find a non-blank password field in the form. If it's found, entire form (also with URL) is sent to the specified e-mail address. It also has the ability to hide itself in the 'Extensions manager'. This extension is meant to be as an example of the 'evil side of Firefox extensions'.

Configuration

FFsniFF has no GUI (so the only way how to find it is looking into Extensions window*) and it cannot be configured after installation. You have to edit it by hand to change the settings (e-mail address, SMTP server..). Please look into the file chrome/content/ffsniff/ffsniffOverlay.js .
* as from version 0.2, the FFsniFF has the ability to hide itself from 'Extensions manager'

From version 0.2 there's a package creator script (written in Python) which will ask you some questions and create 'xpi' package for you, so there's no need of manual configuration any more (just run the file 'pkg_creator.py').

Read more: FFsniFF

Posted via email from .NET Info