Firefox API hooking with Immunity Debugger
Firefox uses a function called PR_Write
to write data into a TCP socket. This function is located inside a DLL module called nss3.dll
. For this demonstration, we need to prepare a Twitter account. Once that account is created and you are logged in, sign out of the account and then log in again. Since we use LastPass, the login credentials will already have been entered by LastPass. Once we click on the Log in
button, what will happen behind the scenes?
Behind the scenes, Firefox will load the nss3.dll
library and call the PR_Write
function to submit the data (login ID and password). Once Firefox performs these steps, we'll set up a breakpoint and intercept traffic. Let's start by installing theImmunity Debuggersoftware from https://debugger.immunityinc.com/ID_register.py. The installation part is quite straightforward. Immunity Debugger will get the process ID of the browser process and attach a debugger to the PID in one shot. We just need to attach...