Skip to content
A simple demo of phishing by abusing the browser autofill feature
Branch: master
Clone or download
Latest commit d7d229a Mar 26, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes 🌅 Jan 5, 2017
LICENSE.md 🌅 Jan 5, 2017
autofill-demo.gif 🌅 Jan 5, 2017
index.html Adds an input event listener to everything, negating the need for a u… Jan 7, 2017
package.json Make package private Aug 15, 2018
readme.md Added reference to prior art Jan 7, 2017

readme.md

Browser Autofill Phishing 🐟

GitHub license

This is a simple demonstration of form fields hidden from the user, but will be filled anyways when using the browser form autofill feature, which poses a security risk for users, unaware of giving their information to the website.

Google Chrome behaviour

Here's the demo in action on the Google Chrome Browser:

Autofill Demo

Other browsers

It works differently in some other browsers. For example:

  • In Safari, it will tell you all the data it is filling into the form, even if it isn't visible to you.

  • In Firefox, you have to right click an input field and then select an identity to use. So a Firefox user autofills each field.

Live demo

View the page at: https://anttiviljami.github.io/browser-autofill-phishing/

Contributing

Please feel free to submit pull requests to this repository for any additional information you feel is important!

References

You can’t perform that action at this time.