Discord MiTM Idea
Just an idea for now.
I think everyone knows that we cannot (or with google chrome keylog) decrypt the payload of requests with SSL/TLS. You can however get the URL and if I'm not mistaken the mode (POST / GET / etc)
When you reset your password or send the Discord verification email, a link is sent to your inbox with a query "#token=".
This token, being in the URL, can be obtained in MiTM attack