Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Silica 7.9 Sneak Peak

From: Alex McGeorge <alexm () immunityinc com>
Date: Mon, 09 Apr 2012 14:20:20 -0400
Aloha again lists,

At Infiltrate 2012 my pal Mark Wuergler made a pretty awesome presentation about sneaky things you could do with 
wireless [1]. Since then the Silica team have been busy implementing some of those attacks into Silica. The newest one 
is content injection to aid in stealing passwords saved in the browser. You can check it out here: 
http://partners.immunityinc.com/movies/Silica-BrowserAutoFill-Take2.mov

The attack works like this: you go to a site's login page that's served over HTTP, you login and allow the browser to 
store your password, later if you're within reach of a Silica we can inject a form which will trick the browser into 
populating the username and password fields and have some accompanying JavaScript to send us the results.

I can already hear you thinking "but wait AlexM, if the login page doesn't have SSL can't I just grab the password out 
of the air?" Don't forget that it's very common practice for forms to be delivered in the clear but the data that is 
populated in them are POSTed to an SSL resource which means no free passwords.  And of course it would still be 
required the user to actually log in to the page. With our attack there's no need to log in or have an active session, 
the target just has to visit the page and Silica will intercept the connection, inject the form and harvest delicious 
the passwords. You can even add your own forms to gain access to passwords for additional sites. Further, if a login 
page is served over SSL but the target previously saved the password on an non-SSL version (which happens more than 
you'd think!) then this attack will still work.

Our last video received a lot of fan fare in part due to our commitment to continuing education for IT Security 
professionals on topics outside of what could be considered the norm. Unfortunately this video does not have that same 
educational finale so as a humble act of contrition we have another link that may help you with life skills [2].

Cheers,
-AlexM

[1] http://www.immunityinc.com/presentations.shtml (All the videos are pretty good if it's a slow day for you)
[2] http://imgur.com/2nriQ

-- 
Alex McGeorge
Immunity Inc.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
P: 786.220.0600

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: