Skip to content
Demo of phishing attack on the native HTML5 full screen API.
JavaScript Shell Ruby
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
css significantly improved demo in preparation for blog post, yo! Oct 9, 2012
img significantly improved demo in preparation for blog post, yo! Oct 9, 2012
js requestFullScreen() -> requestFullscreen() Oct 10, 2012
sound It's a mee, MARIO! Apr 12, 2012
.gitattributes first commit, working on BoA Apr 12, 2012
.gitignore
index.html
readme.md

readme.md

HTML5 Fullscreen API Attack

Copyright 2012 Feross Aboukhadijeh (http://feross.org). More info: http://feross.org/html5-fullscreen-api-attack/

Features

  • Emulates UI of:
    • current browser
    • current OS
    • handles arbitrary screen resolutions (fluid UI images)
  • Attack works whether user starts out in fullscreen mode or not. In fact, it's even more convincing when user is already fullscreened.
  • Attack preloads all images in background so that UI doesn't flash when images are load

License

MIT

You can’t perform that action at this time.