Skip to content

Instantly share code, notes, and snippets.

@flodolo flodolo/snippet.js
Created Apr 21, 2020

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Test vulnerable password Firefox
Raw
snippet.js
const LoginInfo = Components.Constructor(
"@mozilla.org/login-manager/loginInfo;1",
"nsILoginInfo",
"init"
);
let login = new LoginInfo(
"https://login.yahoo.com",
"",
null,
"sample_username",
"breached_password"
);
Services.logins.addLogin(login);
Services.logins.modifyLogin(login, LoginHelper.newPropertyBag({
timeCreated: 1326219463000,
timePasswordChanged: 1326219463000,
}))
let vulnerableLogin = new LoginInfo(
"https://www.google.com",
"",
null,
"other_username",
"breached_password"
);
Services.logins.addLogin(vulnerableLogin);
@flodolo

This comment has been minimized.

Sign in to view
Copy link
Owner Author

flodolo commented Apr 21, 2020

  1. Create a new profile with Firefox Nightly
  2. Open DevTools (Tools->Web Developer->Toggle Tools), click the button with 3 horizontal dots (top right corner) and open Settings.
  3. In Advanced settings select Enable browser chrome and add-on debugging toolboxes.
  4. Open about:logins
  5. Open the Browser Console (Tools->Web Developer->Browser Console), copy and paste the code snippet in the field at the bottom of the window, and press enter. This will create a fake login for Yahoo, and should display the warning in about:logins.

Schermata 2020-04-21 alle 07 20 36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.