Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/anttiviljami/browser-autofill-phishing

A simple demo of phishing by abusing the browser autofill feature
https://github.com/anttiviljami/browser-autofill-phishing

Last synced: 6 days ago
JSON representation

A simple demo of phishing by abusing the browser autofill feature

Awesome Lists containing this project

README

        

# Browser Autofill Phishing 🐟
[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/anttiviljami/browser-autofill-phishing/master/LICENSE.md)
[![Awesome Humane Tech](https://raw.githubusercontent.com/humanetech-community/awesome-humane-tech/main/humane-tech-badge.svg?sanitize=true)](https://github.com/humanetech-community/awesome-humane-tech)

This is a simple demonstration of form fields hidden from the user, but will be
filled anyways when using the browser form autofill feature, which poses a
security risk for users, unaware of giving their information to the website.

## Google Chrome behaviour

Here's the demo in action on the Google Chrome Browser:

![Autofill Demo](autofill-demo.gif)

## Other browsers

It works differently in some other browsers. For example:

* In Safari, it will tell you all the data it is filling into the form, even
if it isn't visible to you.

* In Firefox, you have to right click an input field and then select an
identity to use. So a Firefox user autofills each field.

## Live demo

View the page at:
[https://anttiviljami.github.io/browser-autofill-phishing/](https://anttiviljami.github.io/browser-autofill-phishing/)

## Contributing

Please feel free to submit pull requests to this repository for any additional
information you feel is important!

## References

- ["Why you should not use autocomplete" on yoast.com](https://yoast.com/autocomplete-security/)