HTML / CSS / JS: Can a user enter an invisible form to intercept (capture)?

Question

HTML / CSS / JS: Can a user enter an invisible form to intercept (capture)?

I heard someone mention that it is theoretically possible to position an invisible iframe on top of the content and get the input that someone wants to insert into the form. How is it possible and not get suspicion? It scares me...

+3

javascript html security css iframe

tekknolagi Jan 31 '11 at 23:49

source share

3 answers

, - . , noscript ( firefox). - - javascript. ! ! , .

+1

Kit Scuzz 31 . '11 23:55

.: -)

, . , . , , .

I see that someone mentioned clickjacking, which captures the click event. In general, this differs from capturing the form, although it could be used to cover the buttons after filling out the form. Once again, there it looks like a phishing attack, since you get to their site. Without this wrong direction, they cannot embed the JavaScript needed to do the job.

What is your real problem? What can someone hit your site and be hijacked without another site? Hardly. So that people can be deceived. Well, PT Barnum taught us that everyone was born every day.

0

Gregory A Beamer Jan 31 '11 at 23:56

source share

Chris Laplante · Accepted Answer · 2011-01-31T23:52:22+0000

Yes it is possible! It was called clickjacking , and it is really real. Check this out for more info: http://en.wikipedia.org/wiki/Clickjacking

Michal Zalewski of Google has a theoretical example (Source: Page 1 , Page 2 ):

A IFRAME, B, ", - ." IFRAME , B, " ", " " .. [] , , , A, .

HTML / CSS / JS: Can a user enter an invisible form to intercept (capture)?

More articles: