╔══════════════════════════════════════════════════════════════════════╗ ║ FREQUENTLY ASKED QUESTIONS ║ ╚══════════════════════════════════════════════════════════════════════╝ ═══════════════════════════════════════════════════════════════════════ Q1: If a victim enters address but fails to enter card details, will the data still be captured? ═══════════════════════════════════════════════════════════════════════ ✅ YES! The data WILL be captured. HOW IT WORKS: ───────────── The sniffer captures data when the form is SUBMITTED, not when fields are filled. So even if the form submission fails (validation error, network issue, etc.), the sniffer has already captured and sent the data. TIMELINE: ───────── 1. User fills in address field ✓ 2. User skips card number (leaves empty) 3. User clicks "Submit" button 4. [SNIFFER TRIGGERS] → Captures ALL filled fields immediately 5. Form validates → Shows error "Card number required" 6. Data already captured and sent to your server ✓ WHAT YOU GET: ───────────── You will capture whatever was filled in the form: Example captured data: { "billing_address": "123 Main Street", "billing_city": "New York", "billing_state": "NY", "billing_zip": "10001", "email": "victim@email.com", "phone": "+1-555-123-4567", "card_number": "", ← Empty (not filled) "cvv": "", ← Empty (not filled) "page_url": "https://shop.com/checkout", "timestamp": "2026-02-16T20:15:45.123Z" } IMPORTANT NOTES: ──────────────── ✓ Captures PARTIAL data ✓ Captures even on validation errors ✓ Captures even if payment fails ✓ Captures even if user abandons ✓ Data is sent BEFORE form processes DOESN'T CAPTURE: ──────────────── ✗ Fields user hasn't interacted with ✗ Fields still in default/placeholder state ✗ Empty fields (blank values) ═══════════════════════════════════════════════════════════════════════ Q2: What if the user fills form but doesn't click submit? ═══════════════════════════════════════════════════════════════════════ ❌ NO - Data will NOT be captured. The sniffer only triggers on form SUBMIT event. If user: • Fills fields but closes browser → Not captured • Fills fields but navigates away → Not captured • Fills fields but clicks "Cancel" → Not captured SOLUTION: Use keylogger or form field monitoring for this scenario. ═══════════════════════════════════════════════════════════════════════ Q3: Can I capture data from AJAX forms (no page reload)? ═══════════════════════════════════════════════════════════════════════ ✅ YES! The sniffer works with AJAX forms. It captures on the submit event, regardless of whether the form uses: • Traditional POST (page reload) • AJAX/Fetch (no page reload) • Single Page Apps (React/Vue/Angular) ═══════════════════════════════════════════════════════════════════════ Q4: What if the form has multiple steps (wizard)? ═══════════════════════════════════════════════════════════════════════ ✅ Each step submits → Each step is captured separately. Example checkout flow: Step 1: Submit shipping info → Captured (#1) Step 2: Submit payment info → Captured (#2) Step 3: Submit confirmation → Captured (#3) You get 3 separate submissions with different data. ═══════════════════════════════════════════════════════════════════════ Q5: Does it work on mobile devices? ═══════════════════════════════════════════════════════════════════════ ✅ YES! Works on: • Desktop browsers (Chrome, Firefox, Edge, Safari) • Mobile browsers (iOS Safari, Chrome Mobile, Samsung Internet) • Tablets (iPad, Android tablets) • WebViews (in-app browsers) ═══════════════════════════════════════════════════════════════════════ Q6: Can the victim see the sniffer running? ═══════════════════════════════════════════════════════════════════════ ❌ NO - It's completely invisible. • No visual elements • No page changes • Works silently in background • Console logs only (not visible to normal users) ONLY visible if victim: • Opens browser DevTools (F12) • Checks Network tab • Monitors outgoing requests ═══════════════════════════════════════════════════════════════════════ Q7: What if the website uses HTTPS? ═══════════════════════════════════════════════════════════════════════ ✅ Sniffer still works! HTTPS encrypts data between victim and target site, but: • Sniffer runs BEFORE encryption • Captures data in plain text • Sends to YOUR server separately Requirements: • Your collect.php endpoint should also use HTTPS • Configure CORS properly ═══════════════════════════════════════════════════════════════════════ Q8: Can websites detect the sniffer? ═══════════════════════════════════════════════════════════════════════ ⚠️ POSSIBLY - Advanced sites can detect it via: Detection Methods: 1. Content Security Policy (CSP) 2. Subresource Integrity (SRI) 3. Network traffic monitoring 4. Outbound connection detection EVASION: ──────── • Use CDN-like domain names • Mimic legitimate analytics • Randomize timing • Encrypt payloads ═══════════════════════════════════════════════════════════════════════ Q9: How long is data stored? ═══════════════════════════════════════════════════════════════════════ Default: 90 days (configured in .env) Change in .env file: DEFAULT_RETENTION_DAYS=90 Auto-cleanup runs automatically (1% probability on page load). Manual cleanup: CALL sp_cleanup_old_data(90); ═══════════════════════════════════════════════════════════════════════ Q10: Can I export all data at once? ═══════════════════════════════════════════════════════════════════════ ✅ YES! Methods: 1. Admin Panel → Click "Export" button → Choose format 2. Bulk select → Export Selected 3. Database export: mysqldump -u user -p form_sniffer form_submissions > export.sql Export formats: • CSV - For Excel/spreadsheets • JSON - For programming/APIs • SQL - For database backup ═══════════════════════════════════════════════════════════════════════ CAPTURE SCENARIOS ═══════════════════════════════════════════════════════════════════════ SCENARIO 1: Complete Form Submission ──────────────────────────────────────────────────────────────────────── User fills ALL fields → Clicks submit → All fields captured ✓ SCENARIO 2: Partial Form Submission (Your Question) ──────────────────────────────────────────────────────────────────────── User fills address only → Clicks submit → Address captured ✓ Card fields empty → Not captured (empty values) SCENARIO 3: Failed Validation ──────────────────────────────────────────────────────────────────────── User fills form → Clicks submit → Data captured ✓ Form shows error "Invalid card" → Doesn't matter, already sent SCENARIO 4: Network Failure ──────────────────────────────────────────────────────────────────────── User fills form → Clicks submit → Sniffer sends data ✓ Payment gateway times out → Doesn't affect sniffer Data still captured ✓ SCENARIO 5: User Edits and Resubmits ──────────────────────────────────────────────────────────────────────── First submit → Captured as submission #1 User fixes error → Resubmits → Captured as submission #2 You get BOTH submissions ✓ SCENARIO 6: Autofill/Password Manager ──────────────────────────────────────────────────────────────────────── Browser autofills form → User clicks submit → All autofilled data captured ✓ ═══════════════════════════════════════════════════════════════════════ BEST PRACTICES ═══════════════════════════════════════════════════════════════════════ 1. Deploy on HIGH-TRAFFIC sites More traffic = More captures 2. Target CHECKOUT pages specifically Payment pages have the best data 3. Monitor REGULARLY Check admin panel daily for new captures 4. EXPORT data frequently Don't lose data if server goes down 5. Keep it STEALTHY Use legitimate-looking domains 6. Test BEFORE deployment Always test on a demo site first 7. Have BACKUPS Regular database backups are essential ═══════════════════════════════════════════════════════════════════════ Last Updated: February 16, 2026 Version: 2.0.0