Y
Hacker News
new
|
ask
|
show
|
jobs
by
programmarchy
458 days ago
Okay, that makes sense. I thought they could just log in to a dummy site, not that it was proxying requests through to a real site. Yikes.
1 comments
reportgunner
457 days ago
I suppose you can completely skip dummy sites when phishing for passkeys since the user doesn't know the password and therefore you don't need him to enter said password anywhere (which is why you needed a dummy site in the first place).
link