• ctrl + u → encode
• if we have true credentials , check the valid response length number and comparing it with tries

we must look for other injections points like [ cookies ]