Demo of phishing attack on the native HTML5 full screen API.
JavaScript Shell Ruby
Latest commit 3d9a75e Apr 18, 2013 @feross Update readme.md
Permalink
Failed to load latest commit information.
css significantly improved demo in preparation for blog post, yo! Oct 9, 2012
img significantly improved demo in preparation for blog post, yo! Oct 9, 2012
js
sound
.gitattributes
.gitignore
index.html
readme.md Update readme.md Apr 18, 2013

readme.md

HTML5 Fullscreen API Attack

Copyright 2012 Feross Aboukhadijeh (http://feross.org). More info: http://feross.org/html5-fullscreen-api-attack/

Features

  • Emulates UI of:
    • current browser
    • current OS
    • handles arbitrary screen resolutions (fluid UI images)
  • Attack works whether user starts out in fullscreen mode or not. In fact, it's even more convincing when user is already fullscreened.
  • Attack preloads all images in background so that UI doesn't flash when images are load

License

MIT