Many web applications are currently susceptible to malicious attacks, often by scripts installed and executed on client devices without user knowledge. The scripts can be trojans or other types of malicious code surreptitiously installed on client devices along with the opening of an e-mail attachment or installation of a web browser toolbar, for example, although many other types of scripts and methods for installation are used by malicious entities.
In some cases, malicious scripts target sensitive data input by users into web page forms. Accordingly, the malicious code can execute event listeners that attach to HTML input fields identified in the web page source code. The event listeners observe keystrokes to obtain sensitive data entered by a user into the web page input fields. In another example, malicious code can parse HTTP messages sent following a form submission to obtain data submitted via input fields having names or other attributes that may correspond with sensitive data (e.g., user name or password).
In yet another example, malicious scripts can parse web pages or web page source code to determine the order of input fields, particularly those input fields that may correspond with sensitive data. For example, if a web page includes a form with ten input fields, the eighth of which is determined to be associated with a social security number, malicious scripts can obtain the eighth name/value pair from the HTTP message sent following the form submission irrespective of whether the name or other attribute(s) of the corresponding input field is indicative of sensitive data (“social_security_number” or equivalent in this example).
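The following is an added example, not part of the original text: a test-side audit that submits a known marker value in the sensitive field and reports whether that field can be singled out in the submitted body by its name or by a fixed position. The field names, the marker value, the name heuristic and the ten-field layout (modeled on the form described above) are all constructed assumptions.

```javascript
// Added example: all field names and values are constructed for illustration.
const SENSITIVE_NAME = /ssn|social|passw|user/i; // assumed name heuristic
const CANARY = "000-00-0000";                     // constructed marker value

// Find the canary in a urlencoded form body; returns 1-based position and field name.
function locate(body, canary) {
  const pairs = [...new URLSearchParams(body)];
  const i = pairs.findIndex(([, value]) => value === canary);
  return i < 0 ? null : { position: i + 1, name: pairs[i][0] };
}

// Summarise how the canary field could be singled out across several submissions.
function exposure(bodies, canary) {
  const hits = bodies.map((b) => locate(b, canary));
  if (hits.includes(null)) throw new Error("canary missing from a submission");
  const positions = new Set(hits.map((h) => h.position));
  return {
    nameReveals: hits.some((h) => SENSITIVE_NAME.test(h.name)),
    positionStable: positions.size === 1,
    position: positions.size === 1 ? hits[0].position : null,
  };
}

// Build a constructed ten-field submission with the canary in the eighth field.
function sampleBody(names, run) {
  const p = new URLSearchParams();
  names.forEach((n, i) => p.append(n, i === 7 ? CANARY : `run${run}-value${i + 1}`));
  return p.toString();
}

const DESCRIPTIVE = ["first_name", "last_name", "email", "phone", "street",
  "city", "zip", "social_security_number", "employer", "notes"];
const OPAQUE = DESCRIPTIVE.map((_, i) => `f${i + 1}`);

// Audit two constructed submissions of the same form under one naming scheme.
function runAudit(names) {
  return exposure([sampleBody(names, 1), sampleBody(names, 2)], CANARY);
}

console.log("descriptive names:", runAudit(DESCRIPTIVE));
console.log("opaque names:     ", runAudit(OPAQUE));
```

With opaque field names the name check no longer fires, but the marker is still found at position 8 in every submission, which is the exposure the paragraph above describes.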