Someone would say something like ‘you can unlock a secret page on Facebook, just press F12 and paste this in’, and the snippet would upload the victim’s session token to the scammer’s server. So that they can use the account to promote a crypto scam or whatever.
If you paste code into the consol the code writer can do anything you can do on any website in the context of the current website you are on. So for example download files, capture any data, or take over and use your active session remotely.
I don’t get it, how does that hack/scam work?
Someone would say something like ‘you can unlock a secret page on Facebook, just press F12 and paste this in’, and the snippet would upload the victim’s session token to the scammer’s server. So that they can use the account to promote a crypto scam or whatever.
If you paste code into the consol the code writer can do anything you can do on any website in the context of the current website you are on. So for example download files, capture any data, or take over and use your active session remotely.