Automatic login and password completion

Asked

Viewed 915 times

1

I have some links that I access frequently at work, so I created a page with all these links to make it easy to access.

Some of these sites I have a username and password for access. What I wanted to do was click on the link and the user and password fields be filled in, maybe using javascript.

I thought as follows, create a script in js that "read" the page and insert in the login and password fields the access data, then I would put a trigger in the attribute <a href> to run this script by clicking on the link. But I don’t know how to do this.

No problem with loss of confidentiality or vulnerability, because the page I created is saved on my machine and only I use it.

javascript

  • Give you to create a boot to insert this directly, I will assemble a response and post

  • Are these links all from the same environment, from the same local domain? It would be interesting an example.

  • @DVD They are not of the same domain. They are websites of some carriers that we use to carry out company deliveries.

1 answer

1

I’m going to write down some things here that may seem harsh, harsh and even crude. That’s not the intention, so please don’t feel offended. It’s for your own good, and for the good of those who have the same doubt as you.

I have some links that I access frequently at work, so I created a page with all these links to make it easy to access.

With time and experience you will find that browser favorites are a much easier and practical way to quickly access the pages that are of most interest to you.

Some of these sites I have a username and password for access. What I wanted to do was click on the link and the user and password fields be filled in, maybe using javascript.

To do this with you want, you would have to inject Javascript into these pages, or run them into a iFrame to manipulate her from the outside. Both ways to achieve this are attack vectors, so sites have defense mechanisms against that that are activated by default. If you want to delve into the subject, start with this question:

What is CSRF attack and what damage it can cause?

And then search for CORS, XSS and CSRF, in this order.

I thought as follows, create a script in js that "read" the page and insert in the login and password fields the access data, then I would put a trigger in the attribute to execute this script by clicking on the link. But I don’t know how I can do it.

There is a more practical mechanism, which is the automatic filling of passwords by the browser. This feature is enabled by default. If not enabled, you can easily enable. Depending on your browser, your passwords will even be saved in the cloud, so you can repurpose auto-fill on other computers and devices.

No problem with loss of confidentiality or vulnerability, because the page I created is saved on my machine and only I use it.

Quite the contrary. Storing passwords in the browser and cloud ensures security through encryption and native operating system resources.

If you’re going to reinvent the wheel and store passwords on a page, right into the source code... I guess you didn’t think to encrypt them, right? Just a malicious co-worker finds out that you have this file you will have lost the confidentiality of these passwords. Bonus lost passwords if the network admin can access your machine remotely. Even bigger bonus if you send this password file to yourself by email to take advantage of it on another computer, or if you have stored it on a flash drive.

Don’t try to create a solution to a problem if you don’t have full mastery of the problem, okay? But be sure to study and improve yourself because of this. I suggest studying enough information security. You will find bigger challenges than the one you have in hand now, and it will be fun to solve them.

  • Look I understand your point and I think valid everything you put. I did not know the forms of attack you spoke and I will look for them for sure. But I believe I was not very clear in my question. These sites are accessed by everyone in the department and have default login and password. everyone accesses with the same user and password. Another thing is that the amount of sites is very large, not all fit in the visible part of the bookmark bar. That’s why I created this html script to allocate all of them.

  • Another point, all these passwords are already on my page. I have a table where I put all links with the user and password, to facilitate my access. I did this because often the company’s T.I area cleans up everyone’s profiles and the passwords saved in the browser go into space. I thought about it so you didn’t have to save the passwords from time to time.

Browser other questions tagged javascript

You are not signed in. Login or sign up in order to post.