Firefox FormGrabber, IV – Who’s guilty and Conclusion

Who’s guilty ?

Both Firefox and Windows are to blame for.


Firefox simplifies the process of finding the target function PR_Write as it is inside a dll, compromising the security of the web browser.


Windows lets our malicious FormGrabber interfere with the normal Firefox’s workflow without asking any questions. It lets our process execute code within Firefox’s Virtual Address Space and more importantly it lets our malicious process change segments of Firefox code.
Continue reading

Firefox FormGrabber, III – Code Injection

How does it work ?

Proof of concept

The proof of concept is open source and can be found here : It includes instructions on how to run it on your machine.

The POC (Proof of Concept) has been successfully tested on Windows XP SP3, Windows 7 32 bits and Windows 7 64 bits with Firefox 11.0 and 12.0. Nevertheless, it has  failed to work on at least one Windows 7 64 bits computer.

The following image shows an example of network connections created by Firefox when logging in to a Facebook account. The first line represents the encrypted data sent over a secure tunnel between the web browser and (namely HTTPS). The second is a copy of the first but sent in plain text to localhost/postDemo.php. It contains the User’s email and password : “” and “guessMe”.

Firefox Hooked

Facebook HTTPS has been compromised. Users's Email and password are sent in clear text to localhots/postDemo.php

Continue reading

Firefox FormGrabber, II – Definitions and Firefox internals


Almost every sensitive information, such as passwords, login credentials, bank account numbers, credit card numbers, etc, is sent from your web browser when you fill an online “form” to a secure remote sever trough the web standard HTTPS POST.

A form grabber is a malicious code that intercepts POST data coming from web “forms” before the encryption takes place, thus avoiding the added security of the https protocol.

Continue reading

Firefox FormGrabber, I – Introduction


The following series of posts represent the completion of a university research project and a compilation of what has been said at INSA de Lyon the 26 of April 2012. You can  find the slides here. I highly encourage you to read these posts while browsing through the presentation.

I am not responsible whatsoever of the use or misuse of the information hereafter. Be wise.


  • CASTRO Rodrigo
  • COQUET Matthieu
  • SAUVAGNAT Xavier

Continue reading

The COTBLEDTCID approach to object detection and pose estimation, Part V – Circles detection


Let’s do a summary of what we have done so far:

  • COT: colour thresholding. We separated yellow objects from the rest.
  • BLED: blob edge detection. We retrieved the bottom edges of blobs (pawns).
  • T: transformation. We transformed the image’s pixels into game field points (aka. pixels to meters).

And the last step CID: Circles Detection.

As you may have already noticed, pawns and tower of pawns are in fact circles when viewed from above. Therefore, the bottom edges we found with BLED are also circles’ segments when transformed into game field coordinates (step T). This is the property we’re exploiting below.

Continue reading

The COTBLEDTCID approach to object detection and pose estimation, Part IV – Transformation


With the last step we know where the bottom edges of the pawn are located on the image, we just need to find a way to transform the coordinates of those pixels into game field coordinates.

Given a point p' from the Image plane, we’d like to transform it into p from the Game field plane. We can write:

p = H \cdot p'

We observe that straight lines are kept straight, thus H is called the homography matrix which can be computed if at least 4 different matching points are given for both planes. (p1 \leftrightarrow p1', p2 \leftrightarrow p2', p3 \leftrightarrow p3', p4 \leftrightarrow p4')

HomographyIt’s worth noticing that both p and p' points are given in homogeneus coordinates.

Continue reading

The COTBLEDTCID approach to object detection and pose estimation, Part III – Blob Edge Detection


There is still too much information we do not need on the B&W image we got on the last step. That’s why we need to extract the features we do need. One way of accomplishing this is by performing a connected component analysis in binary images, aka blob labelling. However as you’ll will see, this method is not completely adapted to our needs, so a new approach is proposed: Blob Edge Detection.

Continue reading

The COTBLEDTCID approach to object detection and pose estimation, Part II – Colour Thresholding


Images are usually too complex to be treated by computers as is. In most cases, they have to be enhanced and simplified before any algorithm can be applied on them. Fortunately for us, the rules of the contest specify that yellow is the colour of pawns and figures we are looking to detect.

Generally speaking, the purpose of Colour Segmentation is to extract information from an image by grouping similar colours. In our algorithm, we implemented colour segmentation by thresholding yellow colours, that is to say, the computer builds a black and white image from the original image where white colour represents yellow colour and black is everything else. This is called colour thresholding.

The problem is, as you may have already guessed, the notion of “yellow” colour. For humans, it is relatively easy to tell whether a colour belongs to a group of colours, but for computers this is a whole different story.

Continue reading

The COTBLEDTCID approach to object detection and pose estimation, Part I – Preface


A fancy acronym that stands for the process of COlour Thresholding, Blob Edge Detection, Transformation and CIrcle Detection used for locating 3D objects on a plane. The next series of posts will explain the software algorithms used by ClubElek on 2011 to achieve computer vision. The problems we faced, the solutions we implemented and most importantly what we have learned by doing this project.

These posts are targeted to a wide audience with some background in maths and preferably some background in computer vision. Mostly because there are some maths and magic behind the algorithms used, but I’ll try to keep them as simple and clear as possible. Should you have questions or remarks do not hesitate to comment !

This software was designed to detect “pawns” and “figures” defined by the Eurobot 2011 rules and was demoed during “Industrie Lyon” from 5 april to 8 april 2011. Before continuing reading this post you should read the summary about the rules of the contest so you don’t get lost.

Besides the 5 previously mentioned steps, 2 other steps were necessary before attempting any computer recognition: terrain calibration and colour calibration. These 2 processes will be explained on separate posts as they are far more complex than the COTBLEDTCID itself.

After the pawns’ positions had been detected by the means of COTBLEDTCID, they were sent wirelessly to the robot through a XBee connection.

Additional requirements

  • The software should be used in a real-time environment. The fastest the algorithm, the better.
  • The software should be easy to use and fast to configure. (Teams have only 1 minute and 30 seconds before a match to completely set up the robot and its peripherals).

Hardware set-up

  • A Fit-PC-2 disk-less and fan-less computer running a customized ubuntu version controlled through ssh.
  • 3 identical Microsoft LifeCam Cinema webcams. Why 3 cameras should you ask. Well, during a match, there are two robots that constantly move around the table and obfuscate large parts of the terrain, with 3 cameras chances are we see most of the objects on the playing table at any time.

Assumptions made

  • Light intensity remains constant during the match and after calibration.
  • The cameras do not move during the match.

Both assumptions resulted to be inaccurate but did not affect the result as the detection and pose estimation algorithm is fairly robust.

Shiny pics

What the computer sees (note that the robot’s game field wasn’t entirely finished by the time):

What the computer sees

What the computer understands: (compare the pawns’ position in both images. You may use the red top corner or the black area at the bottom of the image as a reference)

what the computer understands

It’s fairly accurate isn’t it ?

What’s next

In the next section I will explain how the Colour Thresholding works and why we need it (COT for short).

Capture Video with OpenCV and VideoInput (Windows only)

As you might have already noticed, the internal’s opencv camera interface is far from complete. You can capture video from your camera without a hassle but you’re very limited to what you can do.

For instance, let’s say you have a webcam that can run at HD resolution ( 1280 x 720 px ), you can use the opencv’s class cv::VideoCapture to get the frames but you’re going to have a hard time on getting the full resolution out of your device.

To sort out this problem, one could use specialized libraries. The disadvantage :  they’re not usually multi platform so you’ll find yourself writing classes for every platform where you’re camera device operates.

Theo  developed a very useful video capture library for windows called videoInput.

Continue reading