prevent_lucy_from_collecting_passwords_in_form_submits
Differences
This shows you the differences between two versions of the page.
prevent_lucy_from_collecting_passwords_in_form_submits [2017/08/21 11:30] – [Option 2: collect full usernames, but only first three letters of the password] lucy | prevent_lucy_from_collecting_passwords_in_form_submits [2022/04/07 19:59] (current) – lucy | ||
---|---|---|---|
Line 21: | Line 21: | ||
</ | </ | ||
+ | ===== Option 2: Do not collect any data ===== | ||
+ | To exclude the credentials from the POST request one should empty the name attribute of the login and password fields. So the form on index.html will look as follows: | ||
- | ===== Option | + | <form action="? |
+ | <input class=" | ||
+ | <input class=" | ||
+ | In that case neither user login nor password will leave the victims browser. | ||
+ | |||
+ | ===== Option | ||
{{ 3letters_.png? | {{ 3letters_.png? | ||
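Review bot: The closing sentence added for Option 2 ("In that case neither user login nor password will leave the victims browser") states the result without the reason or its limit. It holds because a browser leaves form controls with an empty name attribute out of the submitted data, and it stops holding if any script on the page copies the field values into a named field. The on_submit() handler further down the page reads the password through document.getElementById, which does not depend on name, so this section should say that no such script may be left in the template. Also, "victims browser" should be "victim's browser".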
Line 28: | Line 35: | ||
(1) Append onsubmit=" | (1) Append onsubmit=" | ||
- | < | + | |
- | function on_submit() | + | function on_submit() |
- | { | + | { |
- | var pass = document.getElementById(' | + | var pass = document.getElementById(' |
- | | + | document.getElementById(' |
- | return true; | + | return true; |
- | } | + | } |
- | </ | + | </ |
Here is the full HTML code of the web based scenario "Ipad Mini Promotion": | Here is the full HTML code of the web based scenario "Ipad Mini Promotion": | ||
- | < | + | |
- | <html lang=" | + | <html lang=" |
- | < | + | < |
- | <meta charset=" | + | <meta charset=" |
- | < | + | < |
- | <link href="/ | + | <link href="/ |
- | </ | + | </ |
- | < | + | < |
- | <div id=" | + | <div id=" |
- | <div id=" | + | <div id=" |
- | <!-- The form --> | + | <!-- The form --> |
- | + | <div id=" | |
- | <div id=" | + | <form action="? |
- | <form action="? | + | <div class=" |
- | <div class=" | + | <div class=" |
+ | <div class=" | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | <div id=" | ||
+ | <p>We are happy to announce a special promotion together with our partner "NCC II supplies" | ||
+ | <br /> | ||
+ | The promotion is open to all employees of company X.& | ||
+ | </ | ||
+ | <div id=" | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | function on_submit() | ||
+ | { | ||
+ | var pass = document.getElementById(' | ||
+ | document.getElementById(' | ||
+ | return true; | ||
+ | } | ||
+ | </ | ||
+ | </html> | ||
- | <div class=" | + | |
+ | |||
+ | Sometimes there is a need to ask users for some extra information in the form where their credentials are supposed to be filed in and as a consequence, | ||
- | <div class=" | + | As you can see on the screenshot below, this form has two fields for entering the credentials (Login name and the Password). Let’s try to understand what does it consist of? |
- | </form> | + | |
- | </ | + | |
- | </ | + | |
- | <div id=" | ||
- | <p>We are happy to announce a special promotion together with our partner "NCC II supplies" | ||
- | <br /> | ||
- | The promotion is open to all employees of company X.& | ||
- | </ | ||
- | <div id=" | ||
- | < | ||
- | </ | ||
- | < | ||
- | function on_submit() | ||
- | { | ||
- | var pass = document.getElementById(' | ||
- | document.getElementById(' | ||
- | return true; | ||
- | } | ||
- | </ | ||
- | </ | ||
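Review bot: on_submit() in the added full listing fails open. The visible body is two document.getElementById(...) statements followed by "return true;", with no null check or try/catch shown, so if either lookup misses (for example, an id changed in a customised template) the handler throws before the password is shortened and the browser still submits the form with the full value. Suggest wrapping the body in try/catch and, on failure, returning false or blanking the password field so that nothing is sent. In the added prose, "filed in" should be "filled in", and "what does it consist of?" reads better as "what it consists of".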
prevent_lucy_from_collecting_passwords_in_form_submits.1503307841.txt.gz · Last modified: 2019/07/25 12:51 (external edit)