prevent_lucy_from_collecting_passwords_in_form_submits
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
prevent_lucy_from_collecting_passwords_in_form_submits [2017/08/21 11:30] – [Option 2: collect full usernames, but only first three letters of the password] lucy | prevent_lucy_from_collecting_passwords_in_form_submits [2021/08/12 23:27] – lucy | ||
---|---|---|---|
Line 21: | Line 21: | ||
</ | </ | ||
+ | ===== Option 2: Do not collect any data ===== | ||
+ | To exclude the credentials from the POST request one should empty the name attribute of the login and password fields. So the form on index.html will look as follows: | ||
- | ===== Option | + | <form action="? |
+ | <input class=" | ||
+ | <input class=" | ||
+ | In that case neither user login nor password will leave the victims browser. | ||
+ | |||
+ | ===== Option | ||
{{ 3letters_.png? | {{ 3letters_.png? | ||
Line 28: | Line 35: | ||
(1) Append onsubmit=" | (1) Append onsubmit=" | ||
- | < | + | |
- | function on_submit() | + | function on_submit() |
- | { | + | { |
- | var pass = document.getElementById(' | + | var pass = document.getElementById(' |
- | | + | document.getElementById(' |
- | return true; | + | return true; |
- | } | + | } |
- | </ | + | </ |
Here is the full HTML code of the web based scenario "Ipad Mini Promotion": | Here is the full HTML code of the web based scenario "Ipad Mini Promotion": | ||
- | < | + | |
- | <html lang=" | + | <html lang=" |
- | < | + | < |
- | <meta charset=" | + | <meta charset=" |
- | < | + | < |
- | <link href="/ | + | <link href="/ |
- | </ | + | </ |
- | < | + | < |
- | <div id=" | + | <div id=" |
- | <div id=" | + | <div id=" |
- | <!-- The form --> | + | <!-- The form --> |
- | + | <div id=" | |
- | <div id=" | + | <form action="? |
- | <form action="? | + | <div class=" |
- | <div class=" | + | <div class=" |
- | + | <div class=" | |
- | <div class=" | + | </ |
- | + | </ | |
- | <div class=" | + | </ |
- | </ | + | <div id=" |
- | </ | + | <p>We are happy to announce a special promotion together with our partner "NCC II supplies" |
- | </ | + | <br /> |
- | + | The promotion is open to all employees of company X.& | |
- | <div id=" | + | </ |
- | <p>We are happy to announce a special promotion together with our partner "NCC II supplies" | + | <div id=" |
- | <br /> | + | < |
- | The promotion is open to all employees of company X.& | + | </ |
- | </ | + | < |
- | + | function on_submit() | |
- | <div id=" | + | { |
- | < | + | var pass = document.getElementById(' |
- | </ | + | document.getElementById(' |
- | < | + | return true; |
- | function on_submit() | + | } |
- | { | + | </ |
- | var pass = document.getElementById(' | + | </ |
- | document.getElementById(' | + | |
- | return true; | + | |
- | } | + | |
- | </ | + | |
- | </ | + | |
prevent_lucy_from_collecting_passwords_in_form_submits.txt · Last modified: 2022/04/07 19:59 by lucy