Aloha again lists, At Infiltrate 2012 my pal Mark Wuergler made a pretty awesome presentation about sneaky things you could do with wireless [1]. Since then the Silica team have been busy implementing some of those attacks into Silica. The newest one is content injection to aid in stealing passwords saved in the browser. You can check it out here: http://partners.immunityinc.com/movies/Silica-BrowserAutoFill-Take2.mov
The attack works like this: you go to a site's login page that's served over HTTP, you login and allow the browser to store your password, later if you're within reach of a Silica we can inject a form which will trick the browser into populating the username and password fields and have some accompanying JavaScript to send us the results. I can already hear you thinking "but wait AlexM, if the login page doesn't have SSL can't I just grab the password out of the air?" Don't forget that it's very common practice for forms to be delivered in the clear but the data that is populated in them are POSTed to an SSL resource which means no free passwords. And of course it would still be required the user to actually log in to the page. With our attack there's no need to log in or have an active session, the target just has to visit the page and Silica will intercept the connection, inject the form and harvest delicious the passwords. You can even add your own forms to gain access to passwords for additional sites. Further, if a login page is served over SSL but the target previously saved the password on an non-SSL version (which happens more than you'd think!) then this attack will still work. Our last video received a lot of fan fare in part due to our commitment to continuing education for IT Security professionals on topics outside of what could be considered the norm. Unfortunately this video does not have that same educational finale so as a humble act of contrition we have another link that may help you with life skills [2]. Cheers, -AlexM [1] http://www.immunityinc.com/presentations.shtml (All the videos are pretty good if it's a slow day for you) [2] http://imgur.com/2nriQ -- Alex McGeorge Immunity Inc. 1130 Washington Avenue 8th Floor Miami Beach, Florida 33139 P: 786.220.0600 _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
