Security Test - Phishing

Collector Log

Payloads in the Live Output column run automatically in sandboxed iframes. Fetch and beacon calls appear here (auto-refreshes every 2 s).

Waiting for hits…

Case Name Payload Expected Behavior Live Output

Injected fake login form

Phishing Security Test Cases
Case	Name	Payload	Expected Behavior	Live Output
D1	Injected fake login form	`<form action="/collect/phish" method="post"><label>Email <input name="email"></label><label>Password <input type="password" name="password"></label><button>Sign in</button></form>`	Crawler output should display this as text, not as a working login form.
D2	Invisible overlay capturing clicks	`<div style="position:fixed;inset:0;z-index:9999;opacity:0.01" onclick="fetch('/collect/click?x='+event.clientX+'&y='+event.clientY)"></div>`	Crawler output should not render an overlay or clickable handler.

<form action="/collect/phish" method="post"><label>Email <input name="email"></label><label>Password <input type="password" name="password"></label><button>Sign in</button></form>

Crawler output should display this as text, not as a working login form.

Invisible overlay capturing clicks

<div style="position:fixed;inset:0;z-index:9999;opacity:0.01" onclick="fetch('/collect/click?x='+event.clientX+'&y='+event.clientY)"></div>

Crawler output should not render an overlay or clickable handler.

Back to crawl test home