Troy Hunt: Your login form posts to HTTPS, but you blew it when you loaded it over HTTP


https://www.troyhunt.com/your-login-form-posts-to-https-but-you/

Complexity: 6 Rating: 8



The fact that it's loaded via HTTP allows us to change it, in this case using a JavaScript keylogger to post to another website every time a character is typed. For example: https://wiremask.eu/articles/xss-keylogger-turorial/