For the standard (non-password) user input field such as the user name, FortiWeb obfuscates the name of the input field into a meaningless character string.
FortiWeb only obfuscates the name of the standard input field. The value of the standard input field can't be obfuscated, encrypted, or Anti-keylogged. |
As shown in the following screenshot, for the input field which is in the "text" input type (non-password type), FortiWeb obfuscates the name of this input field. The value of the user input is kept as is.
The MiTB attack won't take this user input field as its target because the obfuscated name is meaningless to it.
To add the standard user input fields in the MiTB rule:
For example, if you want to protect the user input field named as "Card 1", the configuration looks like the following:
Related Topics: