Differences

This shows you the differences between two versions of the page.

--- prevent_lucy_from_collecting_passwords_in_form_submits [2017/08/21 11:32] – lucy
+++ prevent_lucy_from_collecting_passwords_in_form_submits [2022/04/07 19:59] (current) – lucy
@@ Line 21: / Line 21: @@
  </html>
+===== Option 2: Do not collect any data =====
+To exclude the credentials from the POST request one should empty the name attribute of the login and password fields. So the form on index.html will look as follows:
-===== Option 2: collect full usernames, but only first three letters of the password =====
+  <form action="?login" enctype="application/x-www-form-urlencoded" method="post">
+  <input class="lucy-login-1-text" name="" placeholder="Login" type="text" /><br />
+  <input class="lucy-login-1-text" name="" placeholder="Password" type="password" /><br />
+In that case neither user login nor password will leave the victims browser.
+===== Option 3: collect full usernames, but only first three letters of the password =====
 {{ 3letters_.png?600 }}
@@ Line 76: / Line 83: @@
   </script></body>
   </html>
+ **Option 4: Adding parameters for collecting data in login forms during web-based attacks.**
+Sometimes there is a need to ask users for some extra information in the form where their credentials are supposed to be filed in and as a consequence, to upload received information. **This article is dedicated to adding new inputs in the form of the attack scenario and collecting credentials.** In web-based attacks LUCY is recording **ALL** data send back to the landing page in a form POST request. This article will help you to add more fields in your form and collect entered information.
+As you can see on the screenshot below, this form has two fields for entering the credentials (Login name and the Password). Let’s try to understand what does it consist of?