How to do it
1) Open the Login Page of any website. E.g http://www.gmail.com
2) Type your ‘Username’ and ‘Password’. (DONT CLICK LOG IN)
3) Copy and paste the JavaScript code given below into your browser’s address bar and press ‘Enter’ on your keyboard.
Quote:j alert(document.getElementById(‘Passwd’).value);
4) As soon as you press ‘Enter’, A window pops up showing Password typed by you..!
This means anybody could walk over to your PC and use this if your browser/website has been ticked to ‘remember your password’
Note : Works on Firefox. Not working on IE9. Perhaps you can test it on various browsers and see if it works for you.
How does it work?
It’s a simple Javascript code which grabs the raw data (value) you entered into the password (passwd) box.
If you right click the page and click ‘View Source’ , you’ll be able to do a CTRL+F and search for: psswd
This is where the JS code is grabbing your pass from and giving it to you in an ‘alert’. How is it doing that? Very simple. Your password is only sent across the network encrypted, before that, it’s not encrypted.
What can i do to stop it?
You can make sure you do not have boxes ticked on your computer to remember your password. If someone comes along and uses this code, there’s no traces e.g Keyloggers, rats etc. So un-tick any boxes that remember your passwords.
Stay safe & secure.
