HTML Opener - Can we use different elements in a condition?
Trying to do something real basic, but unfortunately I seem too dumb to get around to making it work.
I would like to use the HTML opener to extract the SCRIPT tag and the FORM tag and use both in a condition in order to show a block page when certain combination of keywords & HTML attributes are present .
HTML Opener "TEST":
script -- Only open start tags = FALSE
form -- Only open start tags = TRUE
Top level Rule "Warning to users"
Criteria: Connection.Protocol = HTTP
Applies to: RESPONSES / EMBEDDED OBJECTS
Enable HTML Opener "TEST"
body.text does not match "*username*" & body.text does not match "*password*"
Action: Stop RuleSet
HTMLElement.Attribute "METHOD" matches "POST" & HTMLElement.Attribute "ACTION" does not match "https://*"
Action: Block + show block page "Credentials sent over HTTP"
This doesn't work the way I would like it to work. What basically happens when I look at the rule tracing is that the ruleset will first trigger on step 2 of the ruleset for the SCRIPT tag (combination of 'username' and 'password' ) but then when it evaluates the "HTMLElement.Attribute", it returns false because the current tag being evaluated is still the SCRIPT tag.
I would basically like to figure out a way to show a block page to the users when a page seems to be asking for credentials (username/password) with a form POST that is not over HTTPS. There are plenty of examples of phishing websites that will use a simple HTTP page asking the users for their credentials and then submit using a form POST over HTTP and unfortunately a lot of users fall for these basic phishing scams...