I am researching for auto-fill mechanisms in built-in web-browsers password managers. Using windows hosts file i am redirecting browser query to my web-server where i am storing the full copy of login web-form for some site. When I repeat these steps in Firefox browser, it leaks the passwords to my fake page providing us ability to steal this data, but Chrome and IE are not give away the logins and passwords. Which security mechanisms implemented in those browser? Is there any additional security checkings in IE and Chrome that are not implemented in Firefox?
Asked
Active
Viewed 143 times
3
-
I'm confused as to what autofill has to do with the question. Are you saying that when you submit the page, chrome and IE don't actually send the data? – Xiong Chiamiov Mar 04 '17 at 16:53
-
i had in mind the ability of browser to store the passwords for websites and autofilling them every time you hitting the site login page. When i redirect browser (by editing the hosts file) to the page that contains the same login form, than only firefox autofills data, but other browsers refused to do it. So i am interesting, which additional checkings are made in those browsers – Giuseppe Baldinini Mar 04 '17 at 16:58
-
1Good question. I'd start my search in the SOP documentation of the rowsers: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy – J.A.K. Mar 04 '17 at 19:21