Greasecarnaval

published: January 18th, 2007

What I like about Greasemonkey is that I can quickly add features to existing applications. I can also build new applications by mashing up existing ones. Thatâ€™s cool. People love user scripts. They are great. But will happen if you install a script that has been maliciously backdoored? Here is a POC that you can use with GNUCITIZEN Carnaval. Attach this script to the browser you want to take control of. Visit Carnavalâ€™s Backframe console. Command the browser.

http://www.gnucitizen.org/blog/greasecarnaval/greasecarnaval.user.js

» more | » comments rss | posted by pdp | syndication and integration ( )

Comments

pagvac responds:

Although I haven’t tested it, I can see its power. I love simple yet effective tools like this. Nice one :-)

pdp responds:

This is how much it takes to backdoor a Greasemonkey script. That thing catches u on every site u go.

Respond

In order to preserve the high standards of GNUCITIZEN, before you post a comment, please take note of the following guidelines:

Commenting is provided as a courtesy only.
Please be brief and relevant to the post.
Please be polite even in disagreement with us or others.
Support claims you wish to make using sources and links.
No personal attacks, name calling, or commercial commenting.
Anyone creating false or multiple identities will be banned.
If you don't have a cogent argument, you will be censored.
If you are purposefully deceptive, you will be censored.
No spamming or flooding.

We appreciate your time and effort in contributing to GNUCITIZEN.

name: (required)

mail: (required)

website:

comment:

GNUCITIZEN Products

	Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.
	Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.
	Websecurify is a division of GNUCITIZEN. The initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta.
	Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.
	Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.