Skip to content
A simple demo of phishing by abusing the browser autofill feature
Branch: master
Clone or download
Latest commit d7d229a Mar 26, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes 🌅 Jan 5, 2017 🌅 Jan 5, 2017
package.json Make package private Aug 15, 2018 Added reference to prior art Jan 7, 2017

Browser Autofill Phishing 🐟

GitHub license

This is a simple demonstration of form fields hidden from the user, but will be filled anyways when using the browser form autofill feature, which poses a security risk for users, unaware of giving their information to the website.

Google Chrome behaviour

Here's the demo in action on the Google Chrome Browser:

Autofill Demo

Other browsers

It works differently in some other browsers. For example:

  • In Safari, it will tell you all the data it is filling into the form, even if it isn't visible to you.

  • In Firefox, you have to right click an input field and then select an identity to use. So a Firefox user autofills each field.

Live demo

View the page at:


Please feel free to submit pull requests to this repository for any additional information you feel is important!


You can’t perform that action at this time.