Bookmarklets

A bookmarklet is a small application that you can save and run as a bookmark or a favorite in your browser. Initially, I thought it was called a ‘bookmarklet’ because it’s like a mini-bookmark; it turns out the name is a portmanteau of ‘bookmark’ and ‘applet’. Anyway, it’s usually a snippet of JavaScript that you can use to extract information from the web page you are viewing or to modify the page’s appearance, among many other things.

For instance, here’s a very simple example (there are, of course, far more informative bookmarklets out there). You can try running the following from the browser’s address bar:

javascript:alert("mabuhay!");

Here’s another example — it raises an alert for each password field on the page, showing the field’s value:

javascript:var%20yes=document.getElementsByTagName("input");for(var%20i=0;i<yes.length;i++){if(yes[i].type=="password"){alert("Password%20value:%20"+yes[i].value)}}

One of the first bookmarklets I stumbled upon retrieved all edit boxes and their corresponding maxlength values, and raised an alert listing them. I thought this was something I could actually use, since running a bookmarklet is easier than viewing the page source or counting how many characters a field lets you type.

I played around with it a bit and used it to extract other attributes. By chance, this led me to discover a security bug on one website: without even being logged in, I was able to get my password (and other people’s passwords too, if I had wanted to). Just yesterday I shared this bug with some of my teammates, and it prompted two of them to change their passwords to something less personal (I suppose).

Anyway, to summarize my points: (1) bookmarklets have potential as a testing tool, and (2) be careful when choosing your password.
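As an added example (not code from the post), here is the maxlength bookmarklet idea from above turned into a small form audit that a tester could run against a login page: it lists each text and password field with its maxlength and flags a password field that arrives pre-filled, which is the kind of bug described above. The audit function accepts any list of objects carrying the usual input attributes, so it runs on real input elements in a browser and on the constructed sample data under Node; toBookmarklet() shows how the percent-encoded javascript: URL is assembled.

```javascript
// Added example, not the post's own code. auditInputs() works on real
// <input> elements and on plain objects with the same attribute names.
function auditInputs(inputs) {
  const findings = [];
  for (const el of inputs) {
    const name = el.name || el.id || '(unnamed)';
    const type = (el.type || 'text').toLowerCase();
    if (!['text', 'email', 'password'].includes(type)) continue;
    // A maxLength of -1 (the DOM default) means no limit is enforced.
    const max = el.maxLength > 0 ? el.maxLength : 'unlimited';
    findings.push(`${name}: ${type}, maxlength ${max}`);
    if (type !== 'password') continue;
    // A pre-filled password field is readable by any script on the page
    // (or by anyone viewing the source), which is the bug the post found.
    if (el.value) findings.push(`${name}: password field is pre-filled`);
    // A tight length cap pushes users toward weak passwords.
    if (el.maxLength > 0 && el.maxLength < 12) {
      findings.push(`${name}: password maxlength is only ${el.maxLength}`);
    }
  }
  return findings;
}

// Wrap the audit into a javascript: URL for the address bar. Browsers
// percent-decode the URL before running it, which is why the post's
// bookmarklets are full of %20.
function toBookmarklet() {
  const code = `alert((${auditInputs.toString()})` +
    `(document.getElementsByTagName('input')).join('\\n'))`;
  return 'javascript:' + encodeURIComponent(code);
}

// Constructed sample data standing in for a login form's inputs.
const SAMPLE_INPUTS = [
  { name: 'user', type: 'text', maxLength: 20, value: '' },
  { name: 'pass', type: 'password', maxLength: 8, value: 'hunter2' },
  { name: 'submit', type: 'submit', maxLength: -1, value: 'Log in' },
];

// Under Node there is no document, so demonstrate on the sample data.
if (typeof document === 'undefined') {
  console.log(auditInputs(SAMPLE_INPUTS).join('\n'));
  console.log(toBookmarklet());
}
```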
