How to do it
1) Open the Login Page of any website. E.g http://www.gmail.com
2) Type your ‘Username’ and ‘Password’. (DONT CLICK LOG IN)
4) As soon as you press ‘Enter’, A window pops up showing Password typed by you..!
This means anybody could walk over to your PC and use this if your browser/website has been ticked to ‘remember your password’
Note : Works on Firefox. Not working on IE9. Perhaps you can test it on various browsers and see if it works for you.
How does it work?
If you right click the page and click ‘View Source’ , you’ll be able to do a CTRL+F and search for: psswd
This is where the JS code is grabbing your pass from and giving it to you in an ‘alert’. How is it doing that? Very simple. Your password is only sent across the network encrypted, before that, it’s not encrypted.
What can i do to stop it?
You can make sure you do not have boxes ticked on your computer to remember your password. If someone comes along and uses this code, there’s no traces e.g Keyloggers, rats etc. So un-tick any boxes that remember your passwords.
Stay safe & secure.