Hacker News new | past | comments | ask | show | jobs | submit login

In such a case one would expect the evil page to present something that looked like a credit card input to the user, but not to the browser. Sites would still want to use HSTS to combat the MITMing itself.



Nope, too risky. Just redirect to an evil HTTPS page, and do all your phishing there - look, it's got the green lock and everything >;-)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: