For instance, here’s a very simple example… of course, there are other bookmarklets out there which are more informative… you can try running the following from the browser’s address bar:
Here’s another example — it raises an alert for each password value:
One of the first bookmarklets I’ve stumbled upon retrieved all edit boxes and their corresponding maxlengths, and raised an alert containing this info. I then thought that this was something that I can actually use since using the bookmarklets might be easier than using view source or counting the number of characters that can be typed in.
I played around with it a bit and used it to extract other attributes. By chance, it then led me to discover a security bug in one website. Without even being logged in, I was able to get my password (and other people’s passwords too if i wanted to). Just yesterday, I shared this bug to some of my teammates, and this prompted two of them to change their passwords to something less personal (I suppose).
Anyway, just to summarize my points… (1) bookmarklets have a potential for being used as a testing tool, and (2) be careful when choosing your password.