## https://sploitus.com/exploit?id=FEF41599-6B58-5BDB-BB48-0E38230B7291
# 1-Click GitHub Token Stealing via VSCode

Proof-of-Concept exploit for a critical VS Code zero-day vulnerability that allows attackers to steal GitHub OAuth tokens and gain full read/write access to private repositories with a single link click.

Based on: Ammar Askar's research

```
    ╔═══════════════════════════════════════════════════════════════════════════╗
    ║                   1-CLICK GITHUB TOKEN THEFT                              ║
    ║                   VS Code Zero-Day Exploit Chain                          ║
    ║                         by ek0ms savi0r                                   ║
    ╚═══════════════════════════════════════════════════════════════════════════╝
```

DISCLAIMER FOR AUTHORIZED TESTING AND EDUCATIONAL PURPOSES ONLY

## Overview

A single click is all it takes. This vulnerability weaponizes the trust relationship between github.com and github.dev, turning a seemingly harmless link into a silent token exfiltration machine.

When a user navigates from any repository on github.com to github.dev, GitHub automatically POSTs an OAuth token to the web-based editor. This token is not limited to the current repository – it provides access to every private repository the victim can access.

The exploit leverages a design flaw in VS Code's webview postMessage mechanism. Webviews are sandboxed iframes meant to isolate untrusted content, but the keyboard event forwarding system inadvertently bridges the security boundary.

Untrusted JavaScript inside a webview can forge keydown events that the main VS Code window accepts as legitimate user input. The exploit chain:

1. Payload delivery: A victim clicks a malicious github.dev link
2. Keystroke simulation: Malicious JavaScript in a Jupyter notebook cell creates fake keyboard events (Ctrl+Shift+A)
3. Extension installation: The main VS Code window processes the forged shortcut and prompts to install a "recommended" extension without publisher validation
4. Extension execution: The installed extension reads the OAuth token from window.__GITHUB_TOKEN__ or localStorage and exfiltrates it to an attacker-controlled server
5. Full compromise: The stolen token grants read/write access to all repositories the victim can access

The entire attack takes less than 30 seconds from link click to token exfiltration.

## Technical Breakdown

The vulnerability resides in VSCode’s webview implementation. To maintain keyboard shortcut functionality when a user focuses inside a webview, VSCode forwards all keydown events from the iframe back to the main window via a did-keydown postMessage handler.

This creates a critical security flaw: a malicious webview can dispatch synthetic keyboard events that the main window cannot distinguish from genuine user input. These forged keystrokes can activate VS Code commands, approve extension installations, and ultimately execute arbitrary code in the trusted editor context.

A Jupyter notebook cell is the ideal attack vehicle. Notebooks are rendered as webviews, execute JavaScript natively, and are automatically trusted by github.dev. The payload sleeps briefly, then dispatches Ctrl+Shift+A to trigger the "Install Recommended Extensions" prompt, followed by Ctrl+F1 to activate the malicious extension.

The malicious extension, installed as a local workspace extension (which bypasses publisher trust checks), then reads the OAuth token from window.__GITHUB_TOKEN__ or localStorage.getItem('github-oauth-token') and sends it to a remote server via HTTPS POST.

## Proof of Concept

This repository contains the working exploit material:

- Notebook payload: `README.ipynb` – contains the obfuscated JavaScript payload that simulates keystrokes
- Malicious extension: `.vscode/extensions/my-extension/` – the extension that exfiltrates the GitHub OAuth token
- Extension recommendation: `.vscode/extensions.json` – forces the installation prompt

The exploit requires no user interaction beyond clicking a single link. No binary downloads, no phishing pages, no security prompts – the token is silently exfiltrated in under 30 seconds.

---

## Post-Exploitation: The Supply Chain Nightmare

A stolen GitHub OAuth token is not a static credential – it is a skeleton key to your entire software supply chain.

| Capability | Impact |
|---|---|
| Clone all private repos | Full source code exfiltration |
| Modify code | Inject backdoors, malware, or backdoored dependencies |
| Push to protected branches | Bypass branch protection rules |
| Access GitHub Actions secrets | Steal cloud credentials (AWS, GCP, Azure), API keys, npm tokens |
| Poison CI/CD pipelines | Malicious workflow runs with your trusted identity |
| Publish malicious packages | npm, PyPI, Docker Hub – under your name |
| Create backdoor GitHub Apps | Persistent access that survives token rotation |
| Steal OIDC tokens | Compromise cloud infrastructure directly |

The Nx supply chain attack demonstrated exactly this pattern: a single stolen GitHub token led to credential theft, identity abuse, and cloud infrastructure compromise across thousands of organizations. The prt-scan campaign showed how stolen tokens can be used to enumerate repositories and exfiltrate secrets at scale.

## Detection & Prevention

### For Individual Developers

| Action | Priority |
|---|---|
| Clear github.dev site data immediately (Chrome: Lock icon → Cookies and site data → Manage on-device site data → Delete all for github.dev) | Critical |
| Rotate all GitHub tokens (Settings → Developer settings → Personal access tokens) | Critical |
| Review installed extensions in github.dev and remove any unfamiliar ones | High |
| Run a secret scanner on your repositories to identify exposed tokens | High |
| Revoke GitHub App authorizations (Settings → Applications → Authorized OAuth Apps) | Medium |

### For Organizations

| Control | Implementation |
|---|---|
| Block github.dev | DNS block or web proxy filter for github.dev and *.github.dev |
| Monitor GitHub audit logs | Watch for suspicious OAuth token usage, repository access patterns, and new app installations |
| Enforce token restrictions | Use fine-grained PATs with minimal scopes and expiration dates |
| Deploy runtime secret detection | Alert on mass repository downloads or unusual API calls |
| Enable secret scanning | GitHub Advanced Security to detect leaked tokens in commits |
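A repository-side check for the artifacts this PoC relies on, added here as an example and not part of the PoC's own code: it flags notebooks whose cell sources or embedded HTML/JS outputs forge keyboard input (the Proof of Concept section's `README.ipynb`) and a `.vscode/extensions.json` that sits beside extensions shipped inside the repo itself. The pattern list, the two-hit threshold and the sample repository that `demo()` builds are constructed assumptions; `scan_repo()` runs on any checkout path.

```python
import json, re, tempfile
from pathlib import Path

# Indicators of forged keyboard input or use of the webview keydown-forwarding
# channel. Each is common alone; two or more in one cell is the trigger.
PATTERNS = {"KeyboardEvent": r"new\s+KeyboardEvent\s*\(", "dispatchEvent": r"\.dispatchEvent\s*\(",
            "keydown": r"['\"]keydown['\"]", "did-keydown": r"did-keydown", "postMessage": r"\.postMessage\s*\("}

def _text(v):  # nbformat stores source/data as a string or a list of lines
    return "".join(v) if isinstance(v, list) else str(v)

def notebook_texts(nb):
    """Yield every cell's source plus any HTML/JS output embedded in it."""
    for cell in nb.get("cells", []):
        yield _text(cell.get("source", ""))
        for out in cell.get("outputs", []):
            for mime, data in out.get("data", {}).items():
                if mime in ("text/html", "application/javascript"):
                    yield _text(data)

def scan_repo(root):
    """Return [(relative path, reason)] for artifacts matching the PoC layout."""
    root, findings = Path(root), []
    for nb_path in sorted(root.rglob("*.ipynb")):
        try:
            nb = json.loads(nb_path.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or not JSON: skip rather than abort the scan
        for text in notebook_texts(nb):
            hits = sorted(n for n, p in PATTERNS.items() if re.search(p, text))
            if len(hits) >= 2:
                findings.append((nb_path.relative_to(root).as_posix(), "forged keyboard input: " + ", ".join(hits)))
                break
    rec = root / ".vscode" / "extensions.json"
    local = sorted((root / ".vscode" / "extensions").glob("*/package.json"))
    if rec.is_file() and local:  # recommendation file plus extension shipped in the repo itself
        findings.append((rec.relative_to(root).as_posix(), "workspace-local extension(s): " + ", ".join(p.parent.name for p in local)))
    return findings

def demo():
    """Scan a constructed sample repo laid out like the PoC (temp dir, fully offline)."""
    root = Path(tempfile.mkdtemp())
    js = "<script>document.dispatchEvent(new KeyboardEvent('keydown',{ctrlKey:true}))</script>"
    (root / "README.ipynb").write_text(json.dumps({"cells": [{"source": [js]}]}), encoding="utf-8")
    ext = root / ".vscode" / "extensions" / "my-extension"
    ext.mkdir(parents=True)
    (ext / "package.json").write_text('{"name": "my-extension"}', encoding="utf-8")
    (root / ".vscode" / "extensions.json").write_text('{"recommendations": []}', encoding="utf-8")
    return scan_repo(root)
```

Run it as a pre-merge or fork-ingestion check; a hit on either rule is a reason to block the checkout from being opened in github.dev until reviewed.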

## References

- Ammar Askar's Technical Blog Post – Original disclosure
- BleepingComputer Coverage – Detailed analysis
- The Hacker News – Attack chain summary

## Acknowledgments

This vulnerability was discovered by Ammar Askar. https://blog.ammaraskar.com/github-token-stealing/

This repository provides a functional proof-of-concept for educational and defensive testing purposes.