Hi Guys ,
Meanwhile , all popular browsers have an integrated login manager . This feature is not only convenient for users , but also for dodgy advertisers who misuse the data for user tracking . For example, in January 2017 , Finnish web developer and hacker “Viljami Viljami Kuosmanen” described a phishing method that also uses “Autofill” . Like “Kuosmanen” , the researchers at Princeton University also advise deactivating the “Autofill” function in the browser . If you want to get an idea of the attack , you can also follow it yourself on a demo website set up by the research team.
Many websites include third-party tracking scripts that extract email addresses from login managers in the browser and send them to remote servers . This emerges from an analysis of around 50,000 websites by security researchers at Princeton University . Thus , over 1100 of these pages contained data-collecting JavaScript code from two different advertising companies .
As an Example : The autofill function must be active in the browser for automated retrieval of the e-mail addresses . After the user has consented to the persistent storage of the login data in the browser during the registration process on the website , the tracking script lurks on any subpage of the same domain . There it generates an invisible login form - and then simply waits until the login manager enters the requested data independently.
If you want , go check yourself ! >>> * Demo - Login manager autofill abuse *