Security Question- check if Imacros COM Object is spoofed???

Discussions and Tech Support related to automating the iMacros Browser or Internet Explorer from any scripting and programming language, such as VBS (WSH), VBA, VB, Perl, Delphi, C# or C++.

Moderators: Community Moderators, iMacros Moderators

Forum rules
Before asking a question or reporting an issue:
1. Please review the list of FAQ's.
2. Use the Google search box (at the top of each forum page) to see if a similar problem or question has already been addressed. This will search the entire contents of the forums as well as the iMacros Wiki.
3. We can respond much faster to your posts if you include the following information:

CLICK HERE FOR IMPORTANT INFORMATION TO INCLUDE IN YOUR POST

Answering your own posts (e.g. attempting to "bump" your topic) drops your topic from the list of unanswered threads, so it may actually receive less views.

Security Question- check if Imacros COM Object is spoofed???

by cchappell on Mon Jun 01, 2015 1:29 pm

I've been thinking of creating a product using Imacros.

I have a question regarding using it securely.

It looks like with the scripting edition you are basically automating a COM Object.

My concern is the following:

What if a hacker creates a malicious COM object and installs it on clients computer.

You send personally identifiable information to Imacros to fill a web form. But instead the malicious COM object intercepts the information instead.

Is there anyway to test programmatically to be sure that Imacros has not been spoofed or tampered with

When I call Imacros. I actually want to know I using the COM object from Iopus and are not using a "spoofed" COM object designed to steal my info and then pass it to Imacros to run.

I'm thinking Imacros is popular and could one day be a target of something like this.

How would I check programmatically that Imacros being used in the script is not a rogue com object but the real thing?

Thanks,

Chris Chappell
cchappell
 
Posts: 2
Joined: Tue Jun 26, 2007 11:51 am

Re: Security Question- check if Imacros COM Object is spoofe

by chivracq on Mon Jun 01, 2015 3:15 pm

cchappell wrote:I've been thinking of creating a product using Imacros.

I have a question regarding using it securely.

It looks like with the scripting edition you are basically automating a COM Object.

My concern is the following:

What if a hacker creates a malicious COM object and installs it on clients computer.

You send personally identifiable information to Imacros to fill a web form. But instead the malicious COM object intercepts the information instead.

Is there anyway to test programmatically to be sure that Imacros has not been spoofed or tampered with

When I call Imacros. I actually want to know I using the COM object from Iopus and are not using a "spoofed" COM object designed to steal my info and then pass it to Imacros to run.

I'm thinking Imacros is popular and could one day be a target of something like this.

How would I check programmatically that Imacros being used in the script is not a rogue com object but the real thing?

Thanks,

Chris Chappell

CIM...! :mrgreen:

My 2 cts:
It is indeed possible to modify the iMacros Add-on (for FF at least), I've already done it, I used some maybe 2 years ago for a few months a customized Version of iMacros for FF (until my Changes once got overwritten during some iMacros Update).

I am using iMacros for FF v8.8.2 with Pale Moon v24.6.2 (=FF31) on Win7-x64 and a (maybe a bit cumbersome) way to do what you want would be to (mis)use the 'CHECKSUM' Parameter/Command from the 'ONDOWNLOAD' Command on (for iMacros for FF) 'imacros.jar' (located for my PM Browser) in:
C:\Users\chivracq\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\yy8yzhlq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\chrome

---------------------------
Checksum information
---------------------------
Name: imacros.jar
Size: 836993 bytes (0 MB)

SHA256: 53E554E22A00FB64787C839797E1E4E46D17336B39A99306AFD33619682EC86D

---------------------------
OK
---------------------------

You could upload this File at the beginning of your Macro to some Web-Site and download it back to be able to use the 'ONDOWNLOAD' Command.

Some easier way might be to use the Microsoft FCIM Tool (like explained on the 'CHECKSUM' Wiki-Page) and still for FF or PM, use the FF Add-on 'External Applications Button' with a Button on some mini .BAT File running the 'fcim' Command on that File, which will allow you with one Click from within your Browser to check the 'imacros.jar' File before actually running a Macro. And if you add a Shortcut onto that Button, you can even call it from a Macro using the EVENT Mode.
- (F)CIM = (Full) Config Info Missing: iMacros + Browser + OS with all 3 Versions...
- I usually don't even read the Question if that (required) Info is not mentioned...
- Script & URL usually help a lot for a more "educated" Help...
chivracq
 
Posts: 6479
Joined: Sat Apr 13, 2013 6:07 am
Location: Amsterdam (NL)


Return to Scripting and Command Line Interface

Who is online

Users browsing this forum: No registered users and 3 guests

-->