Saturday, May 12, 2007

Altering the homepage for Internet Explorer

In your Windows XP virtual machine, open Internet Explorer.
Go to Tools -> Internet Options in the Internet Explorer toolbar.
Enter in something new in the Home page address field (www.google.com, for example).

Nothing complicated so far, we are simply setting the default website that will be opened every time Internet Explorer is opened, or when you click the home icon in Internet Explorer.

The new website you typed in is actually stored in the Windows registry. It is not terribly difficult to edit this registry value, and hackers can easily run a script on your computer to edit the settings.

First, we will examine how to manually edit the registry values.

Run regedit by clicking on Start->run and typing in regedit.

This opens the Windows Registry Editor, which displays and allows you to edit all the registry values in Windows. First, we will edit the value for the default homepage through the registry editor.

Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

The registry values on the right side of the window are some of the options available for Internet explorer. The registry value which holds the user-defined homepage is named “Start Page.”

Change the homepage by modifying the registry value in “Start Page.” Now, when you go to the homepage in Internet Explorer, the new website will load.


Of course, this change doesn’t really accomplish much. The user still has the ability to go back to Tools->Internet Options and change the homepage to whatever he or she desires. What if there was a way to disable the text field so the user could not change the homepage?

Return to the registry editor.
Navigate to:

Right click on Microsoft and choose New->Key
Name the new key (which is really a folder) “Internet Explorer” (without the quotes).
Right click on the new Internet Explorer folder and choose New->Key
Name the new key “Control Panel” (without the quotes).
Right click on the new Control Panel folder and choose New->DWORD Value
Name the new DWORD Value “HomePage” (without the quotes).
Right click on HomePage (no space in between) and choose Modify
Set the value to 1 (base hexadecimal).

Now, return to Internet Explorer. Once again, go to Tools->Internet Options.
The fields to edit and reset the homepage are now grayed out and unchangeable!

Go back to the registry editor, and change the value of HomePage back to 0. The homepage options should now be editable again. Note that you have to close the current Internet Options window and open a new one to see the changes.

Note: These methods  are purely for educational purposes only. Be careful when editing your registry.

