What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

More Fun with Firefox

If you give the about: credits command while online, you will get a list of volunteers who have been writing Firefox. For even more fun, click the last link on the bottom of the page. This takes you to http://bonsai-www.mozilla.org/cvslog.cgi?file=mozilla-org/html/credits/index.html&rev=&root=/cvsroot/) As of today (Nov. 27, 2006) this is where you can explore how the volunteers who write Firefox collaborate and also get all their email addresses. Security alert: spam spiders could harvest addresses from
this page!

To read the license that allows you to modify and give away copies of Firefox, type:

about: license

Here's another trick: type "C:\" into the URI window. This changes to file:///c:/" and displays a directory listing of your hard drive. Some websites try to fool people by claiming to know what is on your hard drive. They do this by making a link to file:///c:/ on their website, if you use an insecure browser such as an ancient Netscape, click it and you'll see! This kind of website isn't really reading your entire hard drive, it's just making your browser display this information to you and you alone.

Now try the same command of C:\ with the URI window of Internet Explorer (IE). Yes, it shows the contents of your C drive, and it does something really scary, too. From the URI window on Internet Explorer you can click through the contents of your hard drive and when you double click on a program it will automatically run. (I fthis doesn’t work when you try it, that will mean Microsoft finally fixed this security hazard.) The reason this is scary is that it proves that IE can launch all sorts of programs, and this includes viruses, worms, Trojans, spyware and adware. Firefox is safer to use than IE because it doesn't carelessly launch programs. This makes it much safer to visit potentially malicious websites.

You can find other fun things by typing commands into the URI window. Try
About:plugins
About:mozilla
About:

If you click on about:mozilla directly from this page it will load that page, but for all the other things above you have to hand type them into the URI bar.

Here are yet more things you can type into the URI window to get interesting results:

Resource:
resource://gre/res/html.css
chrome://global/content/xul.css

How did I discover these commands? I didn't find out about them from other hackers. OK, OK, long ago (1996) a friend told me to type in "about: Mozilla" into the URI window of a Netscape browser, which is the ancestor program to Firefox. All the rest was easy to discover once I got the basic idea. At first I just tried random things, but then a light bulb went on inside my head and I fired up a hex editor, muhahaha!

If you are serious about hacking, you need a hex editor! Basically a hex editor is named after the hexadecimal number system, and when you use one to view a compiled program you will find out why right away. I use a hex editor to find things that look like words inside compiled programs, because they usually mean something important. I found all the above commands (except for about: Mozilla) that way. Check out this screen shot below for an example of where I found the chrome://global/content/xul.css trick. If you can't read all the details on your monitor, click here to get a larger view of this screen shot. I used the Cygnus hex editor for this, free from http://www.tucows.com/preview/333743.

Finding Chrome in all the right places:)

Newbie Note: A compiled program is, basically, a bunch of zeroes and ones that your computer's central processing unit (CPU) sees as the command for how to run a program. When you write a program in, for example, C or Java, you run your commands through a compiler and the result is a string of zeroes and ones that make sense to the CPU of your computer. A hex editor interprets those zeroes and ones in a way that makes the compiled program easier for us humans to understand.

Once you get your hex editor running, you can find lots of fun things by opening the biggest file in the Firefox program directory: firefox.exe. That file, my friend, means happy hacking!

Looking around at the text items in the editor, I saw several entries that included the term "resource:" So I tried simply giving the command "resource:" in the Firefox URI window. I hit enter and this turned into "resource:///" in the URI window and this gave a directory listing of everything in the program directory for Firefox.

Next I found several instances of the word "transformiix". This did nothing in the URI window, so next I went to the Mozilla website, put in "transformiix" at their search box and got an answer at http://www.mozilla.org/projects/xslt/ . According to that site, "XSLT (XSL Transformations) is a language used to transform XML document into other XML documents. The implementation of XSLT in Mozilla is done in the TransforMiiX module. You can use it either as part of the lizard, or as standalone processor."

More Fun with Firefox --->>


Back to the Guides to (mostly) Harmless Hacking --->>  
Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

© 2013 Happy Hacker All rights reserved.