Stealing login details with a Google Chrome extension
Jul 11, 2010, 19:04 (0 Talkback[s])
(Other stories by Andreas Grech)
"The Google Chrome browser allows the installation of
third-party extensions that are used to extend the browser to add
allow manipulation of the DOM, amongst other features.
"By allowing access to the DOM, an attacker can thus read form
fields...including username and password fields. This is what
sparked my idea of creating this PoC.
"The extension I present here is very simple. Whenever a user
submits a form, it tries to capture the username and password
fields, sends me an email via an Ajax call to a script with these
login details along with the url and then proceeds to submit the
form normally as to avoid detection."