Forum Discussion
Events & Breaches: Magecart Skimmer
- 7 months ago
Once you finish the checkout, look for a request sent to another server with the unencrypted details. You can do this inside of Fiddler. Alternatively, you can search for the fake information you entered, which should help you find what you're looking for!
Hi Gus!
Thank you for raising this! To locate the domain of the drop server, the user needs to navigate to the website and check out using fake/random details. Then, you will be able to find the drop server domain used by the skimmer in Fiddler.
Let me know if you have any additional questions.
Hi Madeline - I had done that previously. I'm still stuck.
I went to checkout, then only when about to complete checkout with fake card data I launched Fiddler to capture. Once checkout had completed I closed Firefox. Then I exported all sessions as raw files, then grepped on the results using:
grep -Eorh 'https?://[^\s]+'
None of the results match Q7.
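
Added example, not part of the thread: a sketch of the "search for the fake information you entered" approach from the first reply. It assumes each captured request has been saved as its own text file containing the request line, headers and body. The function names, file names, hosts and card number are constructed for illustration.

```shell
#!/bin/sh
# find_drop_hosts DIR CARD SHOP_HOST
# Prints every Host header, other than SHOP_HOST, of a saved request whose
# text contains CARD as typed, without spaces, or with form-encoded spaces.
find_drop_hosts() {
    dir=$1; card=$2; shop=$3
    compact=$(printf '%s' "$card" | tr -d ' ')        # 4111111111111111
    plus=$(printf '%s' "$card" | tr ' ' '+')          # 4111+1111+...
    pct=$(printf '%s' "$card" | sed 's/ /%20/g')      # 4111%201111...
    # -F: fixed strings, so '+' and '%' are matched literally.
    { grep -rlF -e "$card" -e "$compact" -e "$plus" -e "$pct" -- "$dir" || true; } |
    sort |
    while IFS= read -r f; do
        # The first Host: header in the file names the server the data went to.
        host=$(awk 'tolower($1) == "host:" { print $2; exit }' "$f" | tr -d '\r')
        [ "$host" = "$shop" ] || printf '%s\n' "${host:-unknown}"
    done | sort -u
}

# Constructed sample capture: the shop's own checkout POST, a second POST
# carrying the same card number to another host, and an unrelated GET.
make_sample() {
    d=$(mktemp -d)
    printf 'POST /checkout HTTP/1.1\r\nHost: shop.example\r\n\r\ncc=4111+1111+1111+1111&cvv=123\r\n' \
        > "$d/1_request.txt"
    printf 'POST /collect HTTP/1.1\r\nHost: stats.drop.example\r\n\r\nn=Test+User&c=4111111111111111\r\n' \
        > "$d/2_request.txt"
    printf 'GET /logo.png HTTP/1.1\r\nHost: shop.example\r\n\r\n' \
        > "$d/3_request.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_drop_hosts "$sample" "4111 1111 1111 1111" shop.example
rm -rf "$sample"
```

The search matches on request contents rather than on URLs, so it only finds traffic that was decrypted and captured while the form was being submitted.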