top | item 43420077 (no title) programmarchy | 11 months ago Okay, that makes sense. I thought they could just log in to a dummy site, not that it was proxying requests through to a real site. Yikes. discuss order hn newest reportgunner|11 months ago I suppose you can completely skip dummy sites when phishing for passkeys since the user doesn't know the password and therefore you don't need him to enter said password anywhere (which is why you needed a dummy site in the first place).
reportgunner|11 months ago I suppose you can completely skip dummy sites when phishing for passkeys since the user doesn't know the password and therefore you don't need him to enter said password anywhere (which is why you needed a dummy site in the first place).
reportgunner|11 months ago