Are your saved passwords safe in the browser?

In this article, I would like to share the server-side source code for stealing auto-filled saved passwords from modern browsers. It might be useful for penetration testers or red teams.

Demo Steps:

  1. The user enters the dummy username/password in the available form.
  2. Save the password in the browser.
  3. The XSS code steals the password from the auto-filled password field.
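
For defenders, the demo works only where injected script can run on the page that holds the auto-filled field and can send what it reads elsewhere. The following check is an added example, not code from this article or the demo site: it flags a response that contains a password field but whose Content-Security-Policy leaves either step open. The function names and the sample responses are assumptions made up for the illustration.

```python
from html.parser import HTMLParser

class PasswordFieldCounter(HTMLParser):
    """Counts <input type="password"> elements, the fields browsers auto-fill."""
    def __init__(self):
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.count += 1

def parse_csp(value):
    """Return {directive: [source, ...]} for a Content-Security-Policy value."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_login_page(headers, html):
    """Return findings for a page whose password field injected script could read."""
    counter = PasswordFieldCounter()
    counter.feed(html)
    if counter.count == 0:
        return []  # nothing for the browser to auto-fill on this page
    headers = {k.lower(): v for k, v in headers.items()}
    csp = parse_csp(headers.get("content-security-policy", ""))
    findings = []
    scripts = csp.get("script-src", csp.get("default-src"))
    if scripts is None:
        findings.append("no script-src or default-src: injected script can run")
    elif "'unsafe-inline'" in scripts and not any(
            s.startswith(("'nonce-", "'sha")) for s in scripts):
        findings.append("script-src allows 'unsafe-inline'")
    connect = csp.get("connect-src", csp.get("default-src"))
    if connect is None or "*" in connect:
        findings.append("connect-src does not limit where script can send data")
    return findings

# Constructed sample responses, not taken from the demo site.
LOGIN_HTML = '<form><input name="u"><input type="password" name="p"></form>'
WEAK = {"Content-Type": "text/html"}
HARDENED = {"Content-Security-Policy":
            "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; connect-src 'self'"}

if __name__ == "__main__":
    print(audit_login_page(WEAK, LOGIN_HTML))
    print(audit_login_page(HARDENED, LOGIN_HTML))
```

An empty result means only that these two policy gaps are absent; the underlying XSS flaw still has to be fixed where the input is reflected or stored.
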

Server-side source code (PHP):

Demo Website

Publicly hosted attacker server (may be taken down in the future)