JavaScript to Unmask Password on Web Pages!

Here comes javascript which is tested on firefox & IE!


Just copy above code and paste it in ur browsers address bar (navigation bar or url bar).

They press enter and you will see a prompt like this!

This is for yahoo..

javascript:alert(document.getElementById('passwd').value)

Of course your password may be different!

There is one more similar script! This will change HTMLs <input> tags “type” attribute from “password” to “text”!

javascript: alert(document.getElementById('Passwd').type='text');

On hitting enter you will see a prompt, just ignore it and look at screen… The password field will be unmasked any now and look like this…

The above script may fail on hotmail when opened in firefox! But don’t worry, as you are in Devil’s Workshop!

Try following code in the same way! This does not work with antique IE 6.0 and with release of firefox 2.0, I did not bothered to give IE 7.0 a try!

This will again prompt password like above!

javascript: function getElementsByAttribute(oElm, strTagName, strAttributeName, strAttributeValue){ var arrElements = (strTagName == "*" && oElm.all)? oElm.all : oElm.getElementsByTagName(strTagName); var arrReturnElements = new Array(); var oAttributeValue = (typeof strAttributeValue != "undefined")? new RegExp("(^|s)" + strAttributeValue + "(s|$)") : null; var oCurrent; var oAttribute; for(var i=0; i< ocurrent =" arrElements[i];” oattribute =” oCurrent.getAttribute” oattribute =”=”> 0){ if(typeof strAttributeValue == “undefined” || (oAttributeValue && oAttributeValue.test(oAttribute))){ arrReturnElements.push(oCurrent);}}} return arrReturnElements; } alert( getElementsByAttribute(document.body, “input”, “type”, “password”)[0].value);

And this will unmask password filed like above!

javascript: function getElementsByAttribute(oElm, strTagName, strAttributeName, strAttributeValue){ var arrElements = (strTagName == "*" && oElm.all)? oElm.all : oElm.getElementsByTagName(strTagName); var arrReturnElements = new Array(); var oAttributeValue = (typeof strAttributeValue != "undefined")? new RegExp("(^|s)" + strAttributeValue + "(s|$)") : null; var oCurrent; var oAttribute; for(var i=0; i< ocurrent =" arrElements[i];” oattribute =” oCurrent.getAttribute” oattribute =”=”> 0){ if(typeof strAttributeValue == “undefined” || (oAttributeValue && oAttributeValue.test(oAttribute))){ arrReturnElements.push(oCurrent);}}} return arrReturnElements; } ; alert( getElementsByAttribute(document.body, “input”, “type”, “password”)[0].type=”text” ) ;

Above scripts successfully tested on gmail, yahoo, hotmail, rediff login pages! Orkuts login pages have frames so the above may fail! In fireox you can also right-click on any frame and can open that frame separately in different window or tab and then can use any of above script!

Also any password field can be unmasked using DOM Inspector in firefox! Please don’t make false assumption that firefox is insecure! There is a feature called “master password” in firefox! That will protect your passwords against all javascript, DOM Inspectors, etc!

Who needs revelation (at least for web pages) … Enjoi!!!