FFsniFF (FireFox sniFFer)

FFsniFF is a simple Firefox extension, which transforms your browser into the html form sniffer. Every time the user click on 'Submit' button, FFsniFF will try to find a non-blank password field in the form. If it's found, entire form (also with URL) is sent to the specified e-mail address. It also has the ability to hide itself in the 'Extensions manager'. This extension is meant to be as an example of the 'evil side of Firefox extensions'.


FFsniFF has no GUI (so the only way how to find it is looking into Extensions window*) and it cannot be configured after installation. You have to edit it by hand to change the settings (e-mail address, SMTP server..). Please look into the file chrome/content/ffsniff/ffsniffOverlay.js .
* as from version 0.2, the FFsniFF has the ability to hide itself from 'Extensions manager'

From version 0.2 there's a package creator script (written in Python) which will ask you some questions and create 'xpi' package for you, so there's no need of manual configuration any more (just run the file 'pkg_creator.py').


Current: ffsniff-0.3.tar.gz

Old: ffsniff-0.2.tar.gz
Old: ffsniff-0.1.xpi


azurIt, azurit (at) pobox (dot) sk, azurIt@IRCnet


17.06. 2008: version 0.3
  * added Firefox 3 compatibility
  * set license to GNU GPL 3
  * fixed bug when e-mails stopped working in some situations
  * added abality to disable hidding (usefull for debugging)

10.12. 2006: version 0.2
  * added ability to hide itself in the Extensions manager ! (using a bug in Firefox, CVE-2006-6585)
  * added support for Firefox 2.0
  * added 'package creator' script
  * added 'hidden' property to install.rdf so FFsniFF will not show up in the
    Extensions manager when installed as a _global_ extension
  * fixed 'Improper use of SMTP command pipelining' error on some SMTP servers
  * fixed few seconds delay after submitting a form (no delay now)

01.03. 2006: version 0.1
  * initial release