feross/Fullscreen-API-Attack

Stars
116
Rank 303,894 (Top 6 %)
Language
JavaScript
Created over 12 years ago
Updated over 11 years ago

feross/Fullscreen-API-Attack

feross

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Demo of phishing attack on the native HTML5 full screen API.

HTML5 Fullscreen API Attack

Copyright 2012 Feross Aboukhadijeh (http://feross.org). More info: http://feross.org/html5-fullscreen-api-attack/

Features

Emulates UI of:
- current browser
- current OS
- handles arbitrary screen resolutions (fluid UI images)
Attack works whether user starts out in fullscreen mode or not. In fact, it's even more convincing when user is already fullscreened.
Attack preloads all images in background so that UI doesn't flash when images are load

License

MIT

simple-peer

📡 Simple WebRTC video, voice, and data channels

SpoofMAC

💼 Change your MAC address for debugging

thanks

🙌 Give thanks to the open source maintainers you depend on! ✨

buffer

The buffer module from node.js, for the browser.

spoof

Easily spoof your MAC address in macOS, Windows, & Linux!

awesome-mad-science

Delightful npm packages that make you say "wow, didn't know that was possible!"

filldisk.com

💾 Masterful trolling with HTML5 localStorage

hostile

Simple, programmatic `/etc/hosts` manipulation (in node.js)

TheAnnoyingSite.com

The Annoying Site a.k.a. "The Power of the Web Platform"

yt-player

Simple, robust, blazing-fast YouTube Player API

clipboard-copy

Lightweight copy to clipboard for the web

bitmidi.com

🎹 Listen to free MIDI songs, download the best MIDI files, and share the best MIDIs on the web

electron-workshop

Workshop: Build cross-platform desktop apps with Electron

drag-drop

HTML5 drag & drop for humans

simple-get

Simplest way to make http get requests. Supports HTTPS, redirects, gzip/deflate, streams in < 100 lines

md5-password-cracker.js

Crack MD5 passwords with JavaScript Web Workers

run-parallel

Run an array of functions in parallel

magickeyboard.io

Ultimate hacker keyboard

safe-buffer

Safer Node.js Buffer API

timidity

Play MIDI files in the browser w/ Web Audio, WebAssembly, and libtimidity

p2p-graph

Real-time P2P network visualization with D3

multistream

A stream that emits multiple other streams one after another (streams3)

zelda

Automatically `npm link` all your packages together!

run-series

Run an array of functions in series

funding

Let's get open source maintainers paid ✨

render-media

Intelligently render media files in the browser

cs253.stanford.edu

CS 253 Web Security course at Stanford University

simple-websocket

Simple, EventEmitter API for WebSockets

queue-microtask

fast, tiny `queueMicrotask` shim for modern engines

last-fm

Simple, robust LastFM API client (for public data)

studynotes.org

✏️ Learn faster. Study better.

whiteboard

P2P Whiteboard powered by WebRTC and WebTorrent

ytinstant.com

Real-time YouTube video surfing.

mediasource

MediaSource API as a node.js Writable stream

chrome-net

Use the Node `net` API in Chrome Apps

login-with-twitter

Login with Twitter. OAuth without the nonsense.

cross-zip

Cross-platform .zip file creation

unmute-ios-audio

Enable/unmute WebAudio on iOS, even while mute switch is on

capture-frame

Capture video screenshot from a `<video>` tag (at the current time)

ieee754

Read/write IEEE754 floating point numbers from/to a Buffer or array-like object.

cyberhobo

Offline `git push` and `npm publish` for cyberhobos

Instant.fm

Share music playlists with friends.

available

Scan npm for available package names

bg-sound

Web Component to emulate the old-school <bgsound> HTML element

lxjs-chat

Talk to strangers! (P2P video chat using WebRTC)

play.cash

🎶 Music lovers, rejoice.

reddit

Simple Reddit API client

is-buffer

Determine if an object is a Buffer

run-waterfall

Run an array of functions in series, each passing its results to the next function

run-auto

Determine the best order for running async functions, LIKE MAGIC!

WireSheep

WireSheep shows you each user on the network and all the HTTP requests they're making in a pretty News Feed, a la Facebook.

oculus-drone

Pilot a Parrot AR Drone with the Oculus Rift virtual reality headset!

arch

Better `os.arch()` for node and the browser -- detect OS architecture

string-to-stream

Convert a string into a stream (streams2)

feross.org

Pure concentrated awesome (a.k.a. my blog)

config

Server config files (nginx, mysql, certbot)

run-parallel-limit

Run an array of functions in parallel, but limit the number of tasks executing at the same time

blob-to-buffer

Convert a Blob to a Buffer.

CMSploit

Security scanner to find temporary config files that contain passwords on public websites

location-history

Lightweight browser location history abstraction

fromentries

Object.fromEntries() ponyfill (in 6 lines)

typedarray-to-buffer

Convert a typed array to a Buffer without a copy.

speakeasyjs.com

The JavaScript meetup for 🥼 mad science, 🧙‍♂️ hacking, and 🧪 experiments

express-sitemap-xml

Serve sitemap.xml from a list of URLs in Express

beepbeep

Make a console beep sound.

connectivity

Detect if the network is up (do we have connectivity?)

stream-to-blob

Convert a Readable Stream to a Blob

color-scheme-change

Detect system color scheme changes on the web (Dark Mode)

conferences

Conferences that I will attend or have already attended

Life

An experiment in treating life like a software project.

git-pull-or-clone

Ensure a git repo exists on disk and that it's up-to-date

cctv.js

Watch live visitors using your website.

Facebook-Like-Everything

Bookmarklet to Like every post+comment that you see on Facebook.

load-script2

Dynamic script loading for modern browsers

simple-sha256

Generate SHA-256 hashes (in Node and the Browser)

async-lru

A simple async LRU cache supporting O(1) set, get and eviction of old keys

peerdb

dotfiles

Configuration files for zsh, screen, git, ssh, sublime, dot dot dot

chrome-dgram

Use the Node `dgram` API in Chrome Apps

webcam-spy

Demo of Adobe Flash clickjacking vulnerability to spy on a user's webcam.

standard-react

JavaScript Standard Style for React Users

BrainGrinder

Instant foreign language flashcards (with audio!)

ahh-windows

Windows XP Emulator -- in the browser :)

chrome-dns

Use the Node `dns` API in Chrome Apps

objection-slug

Automatically generate slugs for an Objection.js model

call-log

Instrument a JavaScript class (or object) so that anytime a method function is called it gets logged to the console.

zero-fill

Zero-fill a number to the given size.

caught-in-a-web-of-apis

Attack code to accompany "Caught in a Web of APIs: An Analysis of Powerful Web APIs" research paper

cache-chunk-store

In-memory LRU (least-recently-used) cache for abstract-chunk-store compliant stores

clash

A Simple Bash-Like Shell

preload-img

Preload an image on a webpage

chunk-store-stream

Convert an abstract-chunk-store compliant store into a readable or writable stream

feross-card

It's me, Feross!

vlc-command

Find VLC player command line path

raft

An understandable consensus algorithm

simple-concat

Super-minimalist version of `concat-stream`. Less than 15 lines!

stream-to-blob-url

Convert a Readable Stream to a Blob URL

SuperTranslate

"Super translate" words into many different languages at once

Fling

Send songs, videos, web urls from your phone to your desktop with a flick of your wrist

detect-proxy

Using <img> to detect whether the user is browsing through a proxy or not.