The content of the article
So, browsers based on Chrome or Firefox store usernames and passwords encrypted in a SQLite database. This DBMS is compact and distributed free of charge under a free license. The same as the browsers we are considering: all their code is open and well documented, which will undoubtedly help us.
The example of the styling module, which I will provide in the article, will actively use CRT and other third-party libraries and dependencies, such as sqlite.h. If you want compact code without dependencies, you have to rework it a little, get rid of some functions and tune the compiler properly.
What will the antivirus say?
When advertising their products, virus writers often draw the attention of potential buyers to the fact that at the moment their stealer is not being "fired" by an antivirus.
Here you need to understand that all modern and more or less serious viruses and Trojans have a modular structure, each module in which is responsible for something different: one module collects passwords, the second prevents debugging and emulation, the third determines the fact of working in a virtual machine, the fourth carries out obfuscation of WinAPI calls, the fifth deals with the firewall built into the OS.
So, to judge whether a certain method is "fired" by an antivirus or not, you can only if we are talking about a complete "combat" application, and not by a separate module.
Chrome
Let's start with Chrome. First, let's get a file that stores user accounts and passwords. On Windows, it is located at this address:
Code:
To perform any manipulations with this file, you need to either kill all browser processes, which will catch your eye, or copy the database file somewhere and then start working with it.
Let's write a...
Read more
Continue reading...
- 1. What will the antivirus say?
- 2. Chrome
- 3. Firefox
- 4. Network Security Services (NSS)
- 5. Conclusion
So, browsers based on Chrome or Firefox store usernames and passwords encrypted in a SQLite database. This DBMS is compact and distributed free of charge under a free license. The same as the browsers we are considering: all their code is open and well documented, which will undoubtedly help us.
The example of the styling module, which I will provide in the article, will actively use CRT and other third-party libraries and dependencies, such as sqlite.h. If you want compact code without dependencies, you have to rework it a little, get rid of some functions and tune the compiler properly.
What will the antivirus say?
When advertising their products, virus writers often draw the attention of potential buyers to the fact that at the moment their stealer is not being "fired" by an antivirus.
Here you need to understand that all modern and more or less serious viruses and Trojans have a modular structure, each module in which is responsible for something different: one module collects passwords, the second prevents debugging and emulation, the third determines the fact of working in a virtual machine, the fourth carries out obfuscation of WinAPI calls, the fifth deals with the firewall built into the OS.
So, to judge whether a certain method is "fired" by an antivirus or not, you can only if we are talking about a complete "combat" application, and not by a separate module.
Chrome
Let's start with Chrome. First, let's get a file that stores user accounts and passwords. On Windows, it is located at this address:
Code:
C:\Users\%username%\AppData\Local\Google\Chrome\UserData\Default\Login DataTo perform any manipulations with this file, you need to either kill all browser processes, which will catch your eye, or copy the database file somewhere and then start working with it.
Let's write a...
Read more
Continue reading...