You can get anybody’s internet account password, if you have Mozilla Firefox browser with an add-on named HTTPFox installed.

HTTPFox sits in between the network and FF browser and captures all the traffic in between. You can view the Requests and Responses going in between. When you enter an information into a form on a web page like a login page and click the submit button you are sending the information either as a GET or as a POST request to the web server. Example of a GET request is what you enter in a Google Search box. When you click search you can see that the results page will have a URL like :- http://ww.google.com/search?q=SEARCH QUERY (it may have some more creepy stuff like your browser info or your language preference but the basic structure is this) You can see that the part you entered is visible along with the URL.

POST requests are different in that you can’t see the data as part of the URL. An example would be any login information you enter on a website.

Follow these steps : (Checkout this Screenshot for detailed instructions)

1. Install HTTPFox extension for FireFox.

2. Restart Firefox, now you will see a small green and blue icon on the lower right side of the status bar.

3. Click on the icon to expand HTTPFox pane and go to any login page.

4. Click Start to start the capture. Enter the login information (username, password) and click Submit (or hit enter)

5. You will seethe data transfer in a categorised and formatted way here. Look at the 5th column named Method. Most of it will be GET. Click on it to bring the POST ones on top. Select a post transfer by clicking on it and then Click POST Data tab on the lower pane of HTTPFox. Here select Raw radio button. check for the sername somewhere in the string shown. Near to the username will be the password. Before each variable (password username etc) you can see an = symbol)

6. This is the password you need. To make this a stealth operation , after Start minimise the HTTPFox window. And whe nobody is arround open the window stop the transfer and look for the password.

As you get familiar with this it will be a lot easier to findout the password from the RAW data. For any webpage use all caps testusername and teastpassword approach shown in the screenshot to locate the password field.

If you have any questions or doubts contact me or leave a comment.

There was a small introduction on how files are recovered from magnetic media in the last post. In that post I had said about using repeated overwrites to render a file unrecoverable. Sdelete is a command line utility that can wipe off a file and its traces completely from your hard disk without leaving a chance for recovery. If you have some data that you don”t want others to know about, you can “securely delete” it using sdelete.

sdelete is a tool from sysinternals to erase data from Disk drives completely. It can delete data from USB drives, floppy drives, or hard disk drives. sdelete can also cleanup the freespace avilable on any drive with zeros and delete directories recursively.

You need to download the zip file from sysinternals site, extract it to C:\WINDOWS or C:\WINDOWS\system32 folder (or you can add the folder you are extracting to the PATH variable in Windows environment). so that it can be directly accessed from command prompt.

Usage :

sdelete [-p passes] [-s] [-q] <file or directory>
sdelete [-p passes] [-z|-c] [drive letter]

sdelete is free, light and installation free. You can control the number of passes (overwritings) that has to be done and moreover previously deleted file data can also be cleaned using the free space cleaning facility.

Download sdelete(free) (47Kb) , Visit sdelete webpage on Sysinternals

On the last article we have discussed about seeing all the files that are part of Windows. Now lets see whether we can directly access these folders. As it turns out Windows by default will not grant you permission to the folder System Volume Information.

Thats because the folder contains important System Restore Point informations. So what do you do when you can’t touch your own property. well it is there that the Windows file sharing comes into play. It may sound a little weird at first but it is true. Lets see how.

Step 1 : Go to Tools>>Folder Options and select View tab.

Here scroll down to the bottom, you can see a check box named Use Simple File Sharing (Recommended), UNCHECK the box, click APPLY and OK. Now you are done with the settings part. So just take the Properties (ALT+ENTER) or RIGHT CLICK>>PROPERTIES) of System volume Information you can see a new tab named Security here. You can see that there will be a user named SYSTEM there and it has full permission (refer picture).

You need to add your User account as a user here and give full permission to your self in order to gain access. Click Add button and type in your user name and click Check Names your user name will be filled along with the computer name automatically.

Click OK. now just click on user name of yours and check Full control. Click Apply, OK and you are done.

You can get access to files that return an “Access Denied” error by using this method. are some Files and Folders which need some more work to open I’ll discuss it in next post. Till then try this and figure out what all were hidden from you.