Login — POST + type=password

Canonical credential-stuffing form shape: standard POST with input[type="password"]. Tests whether the intermediary intercepts password-field automation or POSTs to login endpoints.

Submission target: POST /login/post. Accepts anything; sets __session + bb_session_js cookies and 302-redirects to /, like a real login would. To see what reached the server, check your browser's network tab.