Author Topic: Auto-fill arbitrary fields  (Read 6940 times)

Offline quixin

  • Administrator
  • *****
  • Posts: 538
Auto-fill arbitrary fields
« on: August 24, 2005, 03:23:04 PM »
Eric,  I was thinking about discussions that have taken place here in the past regarding PasswordMakers ability to fill in the username field.  You had explained briefly a method of having PWM search for the field but that it would not be 100% accurate if I remember correctly.  

The BugMeNot extension seems to do exactly this.  If your not familiar with it, basically the BugMeNot site has a database of accounts submitted by users that anyone can use to login to news site and other things of that nature so you do not have to register for an account to get information off of that website.  To login to a website you simply right click on the username field, select BugMeNot from the context menu and the username and password is entered and submitted.   I hoped this would be helpful.

BugMeNot Website
BugMeNot Extension 0.6.2



Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
    • http://www.wprus.com
Auto-fill arbitrary fields
« Reply #1 on: August 24, 2005, 03:28:22 PM »
Nick,

That seems to be a little different, though in that you tell it where the username field is, by context clicking on it.

WOW, I may just have coined a new term: contect clicking
« Last Edit: August 24, 2005, 03:28:46 PM by Romeo »
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Auto-fill arbitrary fields
« Reply #2 on: August 24, 2005, 03:28:51 PM »
Yes, I'm very familiar with BugMeNot. I used it long before the extension came out :). I loaded the extension once, but didn't use it much so I uninstalled it. Well, I'll definitely take a close look at how they're finding the username field on the page. Thanks for the tip; I'll post again when I have reviewed their code.

-Eric

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Auto-fill arbitrary fields
« Reply #3 on: August 30, 2005, 02:23:12 AM »
I examined the source code of the BugMeNot extension and I can re-use it. It essentially does a "brute force" search of all forms (including forms in frames) on a webpage for possible username, password, email, and submit fields. Here's an example (from bugmenotOverlay.js)
Code: [Select]
           for(var xx = 0; xx < TargetContent.document.forms.length; ++xx)
            {
                var TargetForm = TargetContent.document.forms[xx];
                var PasswordFound = false;
                var UserNameFound = false;
                var FoundSubmitButton = false;
                for(var xxx = 0; xxx < TargetForm.elements.length; ++xxx)
                {
                    if(TargetForm.elements[xxx].tagName == "INPUT" && TargetForm.elements[xxx].type.match(/text/i) && TargetForm.elements[xxx].name.match(/ID|un|name|user|usr|log|email|mail/i))
                    {
                        UserNameFound = true;
                        TargetForm.elements[xxx].value = chickanName;
                    }
                    if(TargetForm.elements[xxx].tagName == "INPUT" && TargetForm.elements[xxx].type.match(/text/i) && TargetForm.elements[xxx].name.match(/email|mail/i))
                    {
                        UserNameFound = true;
                        TargetForm.elements[xxx].value = chickanEmail;
                    }
                    if(TargetForm.elements[xxx].tagName == "INPUT" && (TargetForm.elements[xxx].type.match(/pass/i) || (TargetForm.elements[xxx].type.match(/text/i) && TargetForm.elements[xxx].name.match(/pass|word|pw/i))))
                    {
                        PasswordFound = true;
                        TargetForm.elements[xxx].value = BugMeNot_Password;
                    }
                    if(TargetForm.elements[xxx].tagName == "INPUT" && TargetForm.elements[xxx].type.match(/submit|button|image/i) && (TargetForm.elements[xxx].src.match(/log|sub|sign/i) || TargetForm.elements[xxx].value.match(/log|sub|sign/i) || TargetForm.elements[xxx].name.match(/log|sub|sign/i)) )
                    {
                        FoundSubmitButton = true;
                    }
                }
                var SearchChildNodesResults = SearchChildNodes(TargetForm, BugMeNot_Password, chickanEmail, chickanName);
                
                if((PasswordFound || SearchChildNodesResults["PasswordFound"]) && (UserNameFound || SearchChildNodesResults["UserNameFound"]) && (FoundSubmitButton || SearchChildNodesResults["FoundSubmitButton"]))
                {
                    PossibleForm = TargetForm;
                    if(TargetForm.getAttribute("action").match(/log|auth/i) || TargetForm.name.match(/log|auth/i) || TargetForm.id.match(/log|auth/i))
                    {
                        DefinitForm = TargetForm;
                        NonFrameNameDefinit = true;
                    }
                }
                
                
            }
What this lovely mess is doing is searching for form fields that contain ("match") various substrings; e.g., ID|un|name|user|usr|log|email|mail for username (the pipe operator -- | -- means OR).

This won't work on all sites like non-English ones where username is probably spelled very differently :)

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
    • http://www.wprus.com
Auto-fill arbitrary fields
« Reply #4 on: August 30, 2005, 02:39:09 AM »
Eric, when you know where the password field is, can't you the look for the username field in the same form.  In other words, the form will be something like this:
Code: [Select]
<form name="xyz" action="zse.asp" ...
   <input type="text" name="username" ...
   <input type="password" ...
   <input type="submit" ...
</form>
By knowing where the form is, you should be able to extract the username field.  That should eliminate a lot of useless fields on the same page.

But then, I didn't mind the way you did it in 0.8.0.  If you refine this a little by requesting that the user click on the username field, when setting up an account.  Then, when the user clicks in the username field, you just capture the click event and grab the name.

I do not know if this would be possible, but I thought that I would throw this idea your way.  Who knows, may be that'll kick something into gear in your brain.
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Auto-fill arbitrary fields
« Reply #5 on: August 30, 2005, 02:42:10 AM »
Quote
If you refine this a little by requesting that the user click on the username field, when setting up an account. Then, when the user clicks in the username field, you just capture the click event and grab the name.
I thought I'd already done that in the 0.8 beta, didn't I?

Quote
when you know where the password field is, can't you the look for the username field in the same form
Yes, but how to know where the password field is without some kind of search like the BugMeNot extension is doing? Only other way is for the user to click on it to show PasswordMaker (just need to click on at ONCE at account set-up)

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
    • http://www.wprus.com
Auto-fill arbitrary fields
« Reply #6 on: August 30, 2005, 02:56:09 AM »
Quote
I thought I'd already done that in the 0.8 beta, didn't I?
I thought that we had to look at the html and then tell PM what the name is.

Quote
click on it to show PasswordMaker
I think that'll be great, sort of like AI [artificial inteligence].  I think that'll work great except for the default options.  But it would be a great improvement to PM, IMHO.
« Last Edit: August 30, 2005, 02:56:31 AM by Romeo »
It is impossible to create a fool-proof system, because fools are ingenious.

Offline quixin

  • Administrator
  • *****
  • Posts: 538
Auto-fill arbitrary fields
« Reply #7 on: August 30, 2005, 12:21:54 PM »
Quote
Yes, but how to know where the password field is without some kind of search like the BugMeNot extension is doing? Only other way is for the user to click on it to show PasswordMaker (just need to click on at ONCE at account set-up)
If that were the case, PWM would be able to enter both username & password with the hotkey correct?  Defining the username field would have to be simple.  Maybe it would work sort of like a spreadsheet math wizard.  I click a button to define the the field, PWM prompts for me to now click on the username box and then PWM identifies the box just based on me clicking on it or a new context menu item appears that says something like Define this field.

The Bugmenot extension works great on every site I have ever tried, All English of course.  If all else fails maybe we could just do some investigative work to find the substrings for other languages.  Maybe international users could report translations for their language.  That wouldnt be the easiest way to go about though.  I suppose finding a method to avoid that would be best.



Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Auto-fill arbitrary fields
« Reply #8 on: August 30, 2005, 01:06:13 PM »
Quote
f all else fails maybe we could just do some investigative work to find the substrings for other languages. Maybe international users could report translations for their language.
That's an excellent idea.

OK, one more question: what if the user enters the username field on the Account-Settings dialog but also enters one in the custom fields-to-be-populated dialog (the one which was in 0.8 beta1)? Which username does PasswordMaker use to populate the username field?

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
    • http://www.wprus.com
Auto-fill arbitrary fields
« Reply #9 on: August 30, 2005, 01:25:43 PM »
Eric, don't forget that every field in a form has a unique name.  If not, it would be hard for the receiving action appliation to know which field is being sent.  If there are duplicate nanes in a form, the two or many values in the fields with the same name will be seperated by a comma and the order in which the values appear withing the comma seperated list will always be the same.

Hope that helps.
It is impossible to create a fool-proof system, because fools are ingenious.

Offline quixin

  • Administrator
  • *****
  • Posts: 538
Auto-fill arbitrary fields
« Reply #10 on: August 30, 2005, 01:28:14 PM »
Quote
OK, one more question: what if the user enters the username field on the Account-Settings dialog but also enters one in the custom fields-to-be-populated dialog (the one which was in 0.8 beta1)? Which username does PasswordMaker use to populate the username field?
Wouldn't you have to assume the user entered their actual username under their advanced account settings?  So the usernames should be the same.  To avoid any discrepancy, their should only be one entry for a username.  Passwordmaker should only store a username in one location per account and always pull the name from there.  Am I understanding your question correctly?



PasswordMaker Forums

Auto-fill arbitrary fields
« Reply #10 on: August 30, 2005, 01:28:14 PM »

 

anything