How google is protecting the MITM attack
If we intercept Google account creation form using burp and change any form data, even a single character in the first name and forward the request will result in to "Some thing went wrong" page Can any one point me some guidance or resource to refer on getting some idea on how beautifully Google is handling this. If we look in to cookie of the request we can see only, NID and ANID. I guess these are something related to user preference.
When intercepting the POST request, notice the field
f.req, an array that contains the account data, including the account e-mail address and the password. The first element of this array is 168 bits of binary data encoded in base64url. This correspond to the output of a SHA-1 hash or HMAC. This allows the server to verify the integrity of the sent data, ensuring that nothing went wrong.