It shows the fake credit card input page (Figure 5) and temporarily stores the information in the device while waiting for commands from the attacker. Figure 8. login_kotak class steals card information and other personally identifiable information (PII)...
Sometimes you need to test a feature that requires not just SSL (https) but also to run under a certain domain. For example, testing an OAuth application will mean running your development environment at the right callback URL, especially when the OAuth provider doesn't support custom callbacks...