Browser Vulnerabilities

Browser Vulnerabilities 

Due to the confidential information sent over web pages, web browsers are frequently the main attack targets. Regrettably, these browsers also have a lengthy history of flaws that already have given hackers access to a good and practically limitless number of targets. Browser one and other browsers generally keep login information in secured servers, and the three browsers purposefully expose the accompanying private keys in specific places by configuration (Carr & Shahandashti, 2020). The ability to create incredibly complicated passwords is indeed an aspect that every reputable password manager tool provides. Although it is feasible to create a password with browser two, the credentials are not secure, and the functionality is not user-friendly. How browser two proposes usernames has a few issues: There is no way to locate the option elsewhere within the site if one wishes to; this proposed login tool only appears when you enable account syncing. 

Furthermore, it is astonishing that none of these three sites ask the user to enable the supplementary "master" or "primary" passcode protection measures they offer to safeguard their credentials. The result of this site architecture or design is that every password and login credential saved by the website can be effortlessly extracted if someone manages to enter a user’s PC via spamming, spyware, or other types of vulnerability. This puts the users at risk of hacking.  

Security Add-Ons 

Browser-related risks can be prevented by adding add-on security extensions depending on an individual's browser. For instance, users who prefer browser one could use Internet data protection that is easy to use and flawless; the security extensions include; tracker blocking, cookie protection, DuckDuckGo private search, email protection, HTTPS upgrade, and many other features that grant them security. Every web security user knows that every browser's security extension differs from the other. Some of the add-on security extensions for chrome sites include; Avast antivirus (Hiremath et al., 2019). It is an antivirus application that guards against viruses and other threats. Despite being a "little" application, it also features a web tracking blocker, which is a prominent aspect. Online monitors are programs run on internet sites that gather information about an individual's interactions. Windows Defender for browser two also shields users from malicious software, email spam, and other odd behavior. It continually searches the computer for harmful and damaging behavior and stops unsolicited installations from already flagged dangerous websites.  

Consequently, the browser three browser applies some security extensions while attempting to shield users from various online attacks. The Browser Security Plus extension control browser effectively provides user password security that prevents sharing of any credentials visible to hackers (Kwon et al., 2019). Alongside the software, the Site Safety Plus extension is a device that assists IT administrators in protecting their site's network from browser dangers. IT administrators can: Identify the network-wide presence of susceptible web attachments like configurations and plugins with Internet Security Plus. The device can also manage access to the web, browser add-ons, and web downloads.  

Password Storage 

Browser one stores your profile folder in this location on your computer by default: 

C:\Users\<your Windows login username>\AppData\Roaming\browser1\Profiles\. Windows hides the AppData folder by default. Passwords are stored in this profile using key4.db which stores the master key for 3DES decryption of all passwords stored in logins.json, along with a “password-check” value that is used to validate decryption of the master key. 

Browser two passwords are stored in SQLite database, but passwords are encrypted using CryptProtectData, which is a Windows API function for encrypting data. Data encrypted with this function is solid. It can only be decrypted on the same machine and by the same user that encrypted it in the first place. 

Browser three passwords are also stored in an SQLite database field called ‘Login Data’ in the browser user profile. Specifically, in %localappdata%\browser2\UserData\Default. The file itself is not encrypted, but each password is. 

Cookies and Mac Addresses 

Browser one stores cookies in %APPDATA%\Profiles\browser1\Profiles\randomstring.default\. You can find profile passwords in a file called logins.json (located in the profile folder). They are encrypted but the secret to decrypt them is in a file called key4.db which is located in the same folder. 

The usual storage for cookies in browser two is %LocalAppData%\browser2\User Data\Default\cookies. 

In comparison, the browser three browser is %LocalAppData%\browser3\User Data\Default\cookies. 

Malicious Extension

One attack vector for a browser’s built-in password manager is for a malicious to listen for “input” event within specific fields webpage by their HTML name. When a browser uses its auto-fill function it will create events by completing the auto fill. Most notably an input has to occur in order for the auto fill to complete and this event has a type associated to it. In Browser One’s case the input type is “insertReplacementText”. This is one of the specific event types that can be listened.  

Knowing how Package One’s extension auto fills data is an important stop to understanding how to gather information from its behavior. Since they use simulated key-presses, or what many call “auto-type” we know we cannot listen for the event type that worked with the browser-based manager. While it can be theorized that there is an event type one could listen for to gather information from Package One’s auto type feature. However, since it is using key inputs the more effective way to gather information is watch for changes in the password field and report them just like in the first half of the extension, but the key difference is any change in the field will trigger this. An example of this can be seen below. 

While it is worth noting that most of the browsers in use have a review process for extensions when they are added to the respective store. It is also possible for a bad actor to trick a user and have a script to install this extension into a user's browser without them knowing. Below are some experts from the extensions code. 

Disclaimer: This code is for educational purposes only. Do not use to violate anyone's privacy. This code is not for malicious or illegal purposes.

References 

Carr, M., & Shahandashti, S. F. (2020). Revisiting security vulnerabilities in commercial password managers. In ICT Systems Security and Privacy Protection: 35th IFIP TC 11 International Conference, SEC 2020, Maribor, Slovenia, September 21–23, 2020, Proceedings 35 (pp. 265-279). Springer International Publishing. https://link.springer.com/chapter/10.1007/978-3-030-58201-2_18 

Hiremath, P. N., Armentrout, J., Vu, S., Nguyen, T. N., Minh, Q. T., & Phung, P. H. (2019). MyWebGuard: toward a user-oriented tool for security and privacy protection on the web. In Future Data and Security Engineering: 6th International Conference, FDSE 2019, Nha Trang City, Vietnam, November 27–29, 2019, Proceedings 6 (pp. 506-525). Springer International Publishing. https://link.springer.com/chapter/10.1007/978-3-030-35653-8_33 

Kwon, H., Nam, H., Lee, S., Hahn, C., & Hur, J. (2019). (In-) security of cookies in HTTPS: Cookie theft by removing cookie flags. IEEE Transactions on Information Forensics and Security, 15, 1204-1215. https://ieeexplore.ieee.org/abstract/document/8820079/