createdbyfahad / FieldSecured Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Chrome extension that prevents Autofill from giving personal information to any website without the user's consent.

0 stars 0 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
icons		icons
README.md		README.md
content_script.js		content_script.js
jquery-3.3.1.slim.min.js		jquery-3.3.1.slim.min.js
manifest.json		manifest.json
popup.html		popup.html
popup.js		popup.js
test.html		test.html

Repository files navigation

FieldSecured

Chrome extension to fix the autofill security vulnerability where a website can get the user's private information without the user knowing.

Links

Install from Google Chrome webstore: https://chrome.google.com/webstore/detail/fieldsecured-autofill-phi/faaapoieacipneimcoihjjipadkfjoeg
Research paper assessing the vulnerability and fixes: https://github.com/createdbyfahad/FieldSecured/files/2559846/Report.pdf
Poster summarizing my research: https://github.com/createdbyfahad/FieldSecured/files/2559849/Poster.pdf

Development and testing

manifest.json is requested by Chrome webstore and it has information about the extension
content_script.js is the main file of the extension that checks the page for security flaws
popup.html has a template of the popup section when the icon is clicked from Chrome bar
test.html to test the extension, the html file has a form with many hidden fields and it will redirect to httpbin when submitted

About

Chrome extension that prevents Autofill from giving personal information to any website without the user's consent.

javascript chrome-extension security-vulnerability

Report repository

Releases

No releases published

Packages

No packages published

Languages