Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/anttiviljami/browser-autofill-phishing

A simple demo of phishing by abusing the browser autofill feature
https://github.com/anttiviljami/browser-autofill-phishing

Last synced: 6 days ago
JSON representation

A simple demo of phishing by abusing the browser autofill feature

Awesome Lists containing this project

README 

        
# Browser Autofill Phishing 🐟

[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/anttiviljami/browser-autofill-phishing/master/LICENSE.md)

[![Awesome Humane Tech](https://raw.githubusercontent.com/humanetech-community/awesome-humane-tech/main/humane-tech-badge.svg?sanitize=true)](https://github.com/humanetech-community/awesome-humane-tech)



This is a simple demonstration of form fields hidden from the user, but will be

filled anyways when using the browser form autofill feature, which poses a

security risk for users, unaware of giving their information to the website.



## Google Chrome behaviour



Here's the demo in action on the Google Chrome Browser:



![Autofill Demo](autofill-demo.gif)



## Other browsers



It works differently in some other browsers. For example:



* In Safari, it will tell you all the data it is filling into the form, even

  if it isn't visible to you.



* In Firefox, you have to right click an input field and then select an

  identity to use. So a Firefox user autofills each field.



## Live demo



View the page at:

[https://anttiviljami.github.io/browser-autofill-phishing/](https://anttiviljami.github.io/browser-autofill-phishing/)



## Contributing



Please feel free to submit pull requests to this repository for any additional

information you feel is important!



## References



  - ["Why you should not use autocomplete" on yoast.com](https://yoast.com/autocomplete-security/)