The http page just has this
<html>
<head></head>
<body>
<form action="https://secure.company.com.au:8090/login.php";
method="post">
<input type="hidden" name="verb" value="go">
<b>Client Login</b><br><br>
Username<br>
<input type="text" name="username" size="15"><br><br>
Password<br>
<input type="password" name="pass" size="15"><br><br>
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
On Thu, May 3, 2012 at 10:59 AM, Joseph Clark <[email protected]> wrote:
> It really depends what the page does. You could try installer a web
> debugger like Fiddler <http://fiddler2.com> or
> Charles<http://www.charlesproxy.com/>(or look at the network tab in Firebug
> or the Chrome inspector) to see
> exactly where the page transmits your information to.
>
> Even if the username and password are transmitted securely, presumably
> there is some kind of ongoing session identifier being sent to & from your
> browser and the non-secure endpoint, in which case you may still be
> vulnerable to session hijacking.
>
>
> On Thu, May 3, 2012 at 10:39 AM, Brett Holden <[email protected]>wrote:
>
>> Is it safe to enter a password on a web page that is just http?
>> I've stumbled across a http page asking for my username and password. The
>> page itself is http but has a form posting to a https PHP page. I would
>> think the password gets sent in clear text but wanted to be sure.
>>
>> Cheers
>> Brett
>>
>
>
