Question

Is there any way you can be sure that the web application you want to register on is encrypting your passwords and not storing them in plain text (where an admin can read them or an attacker could easily get them)?


Solution

Unless you are able to read the source code of the script processing your password, there is no way to know what's happening to it behind the scenes.

But there are some things about security you can find out on the client side, just to get a feel about the kind of security level this web application adheres to.

  • Check if the website is using a valid SSL certificate. This already tells you something on how feasible it is for someone to do network sniffing.
  • Have a look in the HTML source, and see how the form submitting your data is built. Is it using a POST request and not a GET?
  • Register with a fake account and check your cookies. Do you see anything that looks like your session information is saved in plain text or base64? And if something looks like base64 (the string ends with = or ==), decode it and see what the string really contains.
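The second and third checks in this answer can be mechanised. The script below is an added example, not part of the original answer: it parses a login page's HTML to find forms that carry a password field but submit with GET, and it scans a cookie header for values that contain your registration data either in plain text or behind base64. The cookie header, the HTML and the registered values (`alice`, `hunter2`) are constructed sample data standing in for what you would copy out of your browser's developer tools after registering a throwaway account.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Constructed sample data (not from any real site): a Cookie header and a
# page with two forms, as a browser's developer tools might show them.
SAMPLE_COOKIES = (
    "session=dXNlcj1hbGljZTtwYXNzPWh1bnRlcjI=; "
    "user=alice; "
    "sid=3f9a1c7e2b8d4f60a1e2c3d4e5f60718; "
    "theme=dark"
)
SAMPLE_HTML = """
<html><body>
<form action="/login" method="get">
  <input name="user"><input name="pass" type="password">
</form>
<form action="/search" method="post"><input name="q"></form>
</body></html>
"""

# Standard base64 alphabet with optional '=' / '==' padding.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def decode_if_base64(value):
    """Return the decoded text if value is well-formed base64 that decodes
    to printable UTF-8, otherwise None. Short values are ignored because
    words like 'dark' happen to satisfy the base64 grammar."""
    if len(value) < 8 or len(value) % 4 != 0 or not _B64_RE.match(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def inspect_cookies(cookie_header, registered_values):
    """Flag cookies whose raw or base64-decoded value contains any of the
    values you registered with. Returns (cookie name, encoding, hits)."""
    findings = []
    for part in cookie_header.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        decoded = decode_if_base64(value)
        for shown, how in ((value, "plain text"), (decoded, "base64")):
            if shown is None:
                continue
            hits = sorted(v for v in registered_values if v in shown)
            if hits:
                findings.append((name, how, hits))
    return findings


class _FormParser(HTMLParser):
    """Collect each form's action, method and whether it has a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # HTML defaults the method to GET when the attribute is absent.
            self._current = {"action": a.get("action", ""),
                             "method": (a.get("method") or "get").lower(),
                             "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def password_forms_using_get(html):
    """Actions of forms that take a password yet submit it with GET, which
    puts the credential into the URL (browser history, proxy and server logs)."""
    parser = _FormParser()
    parser.feed(html)
    parser.close()
    return [f["action"] for f in parser.forms
            if f["has_password"] and f["method"] == "get"]


if __name__ == "__main__":
    for action in password_forms_using_get(SAMPLE_HTML):
        print(f"password form submits via GET: {action}")
    for name, how, hits in inspect_cookies(SAMPLE_COOKIES, ["alice", "hunter2"]):
        print(f"cookie {name!r} exposes {hits} in {how}")
```

Run against the sample data it reports the `/login` form and two cookies: `user` carries the username in the clear, and `session` is base64 that decodes to `user=alice;pass=hunter2`, exactly the kind of finding the answer's third bullet is looking for. A cookie passing these checks still proves nothing about server-side storage, which is the answer's first point.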
Licensed under: CC-BY-SA with attribution