Chapter 9. Fun with Internet Explorer
Windows COM automation serves a number of practical uses, from interacting with network-based services to embedding a Microsoft Excel spreadsheet into your own application. All versions of Windows from XP forward allow you to embed an Internet Explorer COM object into applications, and we’ll take advantage of this ability in this chapter. Using the native IE automation object, we’ll create a man-in-the browser-style attack where we can steal credentials from a website while a user is interacting with it. We’ll make this credential-stealing attack extendable, so that several target websites can be harvested. The last step will use Internet Explorer as a means to exfiltrate data from a target system. We’ll include ...
Get Black Hat Python now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.