I’m going to write down some things here that may seem harsh, harsh and even crude. That’s not the intention, so please don’t feel offended. It’s for your own good, and for the good of those who have the same doubt as you.
I have some links that I access frequently at work, so I created a page with all these links to make it easy to access.
With time and experience you will find that browser favorites are a much easier and practical way to quickly access the pages that are of most interest to you.
Some of these sites I have a username and password for access. What I wanted to do was click on the link and the user and password fields be filled in, maybe using javascript.
To do this with you want, you would have to inject Javascript into these pages, or run them into a iFrame
to manipulate her from the outside. Both ways to achieve this are attack vectors, so sites have defense mechanisms against that that are activated by default. If you want to delve into the subject, start with this question:
What is CSRF attack and what damage it can cause?
And then search for CORS, XSS and CSRF, in this order.
I thought as follows, create a script in js that "read" the page and insert in the login and password fields the access data, then I would put a trigger in the attribute to execute this script by clicking on the link. But I don’t know how I can do it.
There is a more practical mechanism, which is the automatic filling of passwords by the browser. This feature is enabled by default. If not enabled, you can easily enable. Depending on your browser, your passwords will even be saved in the cloud, so you can repurpose auto-fill on other computers and devices.
No problem with loss of confidentiality or vulnerability, because the page I created is saved on my machine and only I use it.
Quite the contrary. Storing passwords in the browser and cloud ensures security through encryption and native operating system resources.
If you’re going to reinvent the wheel and store passwords on a page, right into the source code... I guess you didn’t think to encrypt them, right? Just a malicious co-worker finds out that you have this file you will have lost the confidentiality of these passwords. Bonus lost passwords if the network admin can access your machine remotely. Even bigger bonus if you send this password file to yourself by email to take advantage of it on another computer, or if you have stored it on a flash drive.
Don’t try to create a solution to a problem if you don’t have full mastery of the problem, okay? But be sure to study and improve yourself because of this. I suggest studying enough information security. You will find bigger challenges than the one you have in hand now, and it will be fun to solve them.
Give you to create a
boot
to insert this directly, I will assemble a response and post– Rafael Augusto
Are these links all from the same environment, from the same local domain? It would be interesting an example.
– Sam
@DVD They are not of the same domain. They are websites of some carriers that we use to carry out company deliveries.
– Humberto Faria