Breaking The Browser – A tale of IPC, credentials and backdoors

Web browsers are inherently trusted by users. They are trained to trust websites which "have a padlock in the address bar" and "have the correct name", and this trust leads to users feeling comfortable entering their sensitive data into those websites. From an attacker's standpoint this trust is an amazing thing: once you have compromised a user's workstation there is a process (with close to zero protections) handling a relatively large amount of sensitive data, and the user is interacting with it a great deal. Throw in password managers with browser extensions and you have a natural target for red teams. So naturally, when I found myself with some time to spend on a research project, I decided to spend it abusing this trust!

The rest of this post can be found on the MDSec Active Breach blog, and the code can be found here.
