1

I'm currently working on a WinForms application that I'm hoping will allow users to enter stored passwords into a web browser without a keylogger being able to see the password. I've got the storing part completed, but I can't figure out how to insert the password into a browser without using either the clipboard or .NET's SendKeys class, both of which can be seen by most keyloggers.

I looked into using Windows messages to do this, but, from what I understand, you need to know the hWnd of a control in order to send it a Windows message. Unfortunately, it appears that web browsers do not use hWnds for individual textbox controls.

I know there has to be a way to do this. In Notepad++, for example, you can drag text into a web browser textbox and the text doesn't show up in keyloggers. Same goes for Neo's SafeKeys. Anyone have any ideas on a general approach to doing this? Thanks so much.

Improve this question
3
  • What happens when you drag and drop notepad text, is a temporary copy/paste (just like ctrl+c / ctrl+v) and has nothing to do with what you are trying to do. Commented Feb 13, 2015 at 13:27
  • I'm talking about dragging text from Notepad++ to a textbox in a browser. That doesn't get added to the clipboard, or, if it does, it does so in a way that prevents the keyloggers I've tested from detecting it. Commented Feb 13, 2015 at 16:32
  • Yes, this is a windows feature not notepad++. You can do the same in other applications. And it does use the copy paste mechanism. You can use this mechanism programmatically but you can't tell it to paste in a password field of a browser since windows doesn't know where this field is. Which is why you need the webdriver library. Hope this helps to understand! Commented Feb 13, 2015 at 16:48

1 Answer 1

Reset to default
1

What you want is a WebDriver Library. Unfortunately .net does not have plenty of good ones. You can take a look at WatiN or selenium

From what I understand watin isn't supported anymore and is not multi-browser compatible.

Here is an example of what you can do with selenium 

using (var driver = new ChromeDriver())
{
    driver.Navigate().GoToUrl("http://testing-ground.scraping.pro/login");
    var userNameField = driver.FindElementById("usr");
    var userPasswordField = driver.FindElementById("pwd");
    var loginButton = driver.FindElementByXPath("//input[@value='Login']");

    userNameField.SendKeys("admin");
    userPasswordField.SendKeys("12345");
    loginButton.Click();
}

I image you can link your driver to an existing opened browser

If you are able to run ruby on the computers I would recommend using Watir and running the ruby script doing the web manipulation from the c# using processes.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This looks very promising! Thank you so much. I'll look into it.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.