Monthly Archives: December 2013

historyStealer

I have started writing some malicious code for fun lately. The first one is a Chrome history stealer. As the name suggests, it uploads the history file to a remote FTP server of the attacker’s choice.

Why History?
I believe in this quote

“Show me a man’s browser history, I will tell you who he (is) (was) (will be)”

Browser history is some of the most sensitive information on your computer; it can be as sensitive as a passwd file. The reason is the amount of time people spend on the Internet. Going through one’s browsing history is like popping open one’s brain and walking right through it. The whole human thought process can be visualized by examining a browser history.

Okay, you’ve got me watching pr0n, is that it?
Browser history contains more interesting things to analyze than just whether someone is watching pr0n or not. Stopping there is like robbing a car parked in the garage of an unlocked house instead of going for the whole house. Browser history contains patterns: what you like, what you don’t like, what you do when you are happy, what you do when you are sad, whom you stalk on Facebook, all the shameless ‘how to’s’ you googled for. In fact, this is the pattern which Google uses to determine and display appropriate ads for you. In other words, the Internet’s browsing pattern is worth $42 billion.

The pattern can be used to predict behavior, uncover lies, expose desires, determine knowledge and even more. A wonderful research area would be to work on generating a model based on browser history which would determine/predict/assert possible actions that might be taken by the owner of the browser history.

Code:
I decided to write this one in C#, to stay in touch with it since my initial encounter with it last summer. A throwaway free hosting account is all you need to get started with this. The downside of free hosting was that I could not have a single file of more than 10 MB in size.
Hence I had to compress the file before uploading.

DISCLAIMER: Do not run this code on a machine without the owner’s permission. For educational purposes only.
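From the defender's side, the behaviour described above (a process other than the browser reads the Chrome history file, then uploads it over FTP) can be flagged by correlating endpoint events per process. The following Python is an added example, not code from the original post; the event tuple layout, process names, addresses and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Chrome stores each profile's history in a SQLite file named "History"
# under ...\Google\Chrome\User Data\<profile>\ on Windows.
HISTORY_DIR = "\\google\\chrome\\user data\\"
BROWSER_IMAGES = {"chrome.exe"}     # processes expected to read the file
FTP_PORT = 21
WINDOW = timedelta(minutes=10)      # assumed correlation window

P = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\History"
# Constructed events, hypothetical schema: (time, pid, image, kind, detail)
EVENTS = [
    ("2013-12-01T10:00:00", 4100, "chrome.exe", "file_read", P),
    ("2013-12-01T10:00:05", 4100, "chrome.exe", "net_connect", "192.0.2.10:443"),
    ("2013-12-01T10:05:00", 5200, "updater.exe", "file_read", P),
    ("2013-12-01T10:05:02", 5200, "updater.exe", "file_write", r"C:\Temp\h.zip"),
    ("2013-12-01T10:05:09", 5200, "updater.exe", "net_connect", "203.0.113.7:21"),
    ("2013-12-01T11:00:00", 6300, "backup.exe", "file_read", P),
    ("2013-12-01T11:30:00", 6300, "backup.exe", "net_connect", "203.0.113.9:21"),
]

def is_history_read(kind, detail):
    path = detail.lower()
    return (kind == "file_read" and HISTORY_DIR in path
            and path.rsplit("\\", 1)[-1] == "history")

def find_exfil(events):
    """Alert when a non-browser process reads a Chrome History file and
    the same PID opens an FTP control connection within WINDOW."""
    last_read = {}                  # pid -> time of the most recent read
    alerts = []
    for ts, pid, image, kind, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if is_history_read(kind, detail):
            if image.lower() not in BROWSER_IMAGES:
                last_read[pid] = when
        elif kind == "net_connect" and pid in last_read:
            port = int(detail.rsplit(":", 1)[1])
            if port == FTP_PORT and when - last_read[pid] <= WINDOW:
                alerts.append({"pid": pid, "image": image, "dest": detail})
                del last_read[pid]
    return alerts

if __name__ == "__main__":
    for alert in find_exfil(EVENTS):
        print(alert)
```

Matching on the image name alone is weak, since any process can be named chrome.exe; a production rule would key on the full image path or code-signing identity instead.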

nktService.py

It is here: a service to report back how many times your friend changed his picture on Facebook. Thanks to my friend Naveen for changing his picture quite often, which eventually gave birth to this tiny script.

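#!/usr/bin/python
import socket
import feedparser

# FB notification RSS parse
def fbParse():
    # counters for the picture changes being tracked
    cover = 0
    profile = 0
    fbFeed = feedparser.parse('_YOUR_FB_RSS_FEED_URL')
    for post in fbFeed.entries:
        pass  # the embedded excerpt ends here; the rest is in the repository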

An ideal way to do such tasks would be to put the Graph API to use, but I wanted to roll out this feature in an hour since someone had already complained about him changing his picture frequently. It’s all about the timing, no?

This script uses your personal Facebook RSS notification feed, from which items of interest are parsed. Since I didn’t want to bind my RSS notification feed URL into a program and distribute it to all, I made this a client-server program. The client can be a custom-written one or a standard utility like netcat.

For more information on how to get this running, visit the repository.

Happy Hacking!