Skip to content

Instantly share code, notes, and snippets.

@flodolo

flodolo/snippet.js

Created April 21, 2020 05:14
Show Gist options
  • Save flodolo/a12dddd0c5f1e16394b683216ec03af6 to your computer and use it in GitHub Desktop.
Save flodolo/a12dddd0c5f1e16394b683216ec03af6 to your computer and use it in GitHub Desktop.
Download ZIP
Test vulnerable password Firefox
Raw
snippet.js
const LoginInfo = Components.Constructor(
"@mozilla.org/login-manager/loginInfo;1",
"nsILoginInfo",
"init"
);
let login = new LoginInfo(
"https://login.yahoo.com",
"",
null,
"sample_username",
"breached_password"
);
Services.logins.addLogin(login);
Services.logins.modifyLogin(login, LoginHelper.newPropertyBag({
timeCreated: 1326219463000,
timePasswordChanged: 1326219463000,
}))
let vulnerableLogin = new LoginInfo(
"https://www.google.com",
"",
null,
"other_username",
"breached_password"
);
Services.logins.addLogin(vulnerableLogin);
@flodolo
Copy link
Author

flodolo commented Apr 21, 2020

  1. Create a new profile with Firefox Nightly
  2. Open DevTools (Tools->Web Developer->Toggle Tools), click the button with 3 horizontal dots (top right corner) and open Settings.
  3. In Advanced settings select Enable browser chrome and add-on debugging toolboxes.
  4. Open about:logins
  5. Open the Browser Console (Tools->Web Developer->Browser Console), copy and paste the code snippet in the field at the bottom of the window, and press enter. This will create a fake login for Yahoo, and should display the warning in about:logins.

Schermata 2020-04-21 alle 07 20 36

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment