⚠️ No CSP — this page is unprotected
← All demos · CSP Demo 2 of 4

Magecart Payment Skimmer

A card skimmer has been injected into the checkout page and is silently copying payment details to an attacker's server.

🔴 Unprotected ⚪ Protected
Skimmer active — card data is being exfiltrated

Checkout

Complete your purchase

🚨 Skimmer active. Everything typed into the payment form below is being copied in real time to evil-cyber-hacker.com.

💡 Open DevTools → Network tab and type into the fields below to see beacon requests firing in real time.

What's happening

A Magecart-style skimmer script loaded from evil-cyber-hacker.com is listening to keystrokes on the payment form and beaconing the data to an attacker-controlled server. Without CSP, the browser cannot distinguish legitimate from malicious scripts.

← Demo 1
1 2 3 4
Demo 3 →