"The Google Chrome browser allows the installation of
third-party extensions that are used to extend the browser to add
allow manipulation of the DOM, amongst other features.
"By allowing access to the DOM, an attacker can thus read form
fields...including username and password fields. This is what
sparked my idea of creating this PoC.
"The extension I present here is very simple. Whenever a user
submits a form, it tries to capture the username and password
fields, sends me an email via an Ajax call to a script with these
login details along with the url and then proceeds to submit the
form normally as to avoid detection."
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.