You'll need to fake much more than just that. Usually the bank website will ask you to confirm the transaction by opening the banking app on your mobile phone.

Not really, since in modern 3DS implementations, the redirect pretty much only shows a modal saying "check your phone for a notification and confirm this payment there".

Worst case, you'll be entering a one-time code received out of band, e.g. via SMS, and that message will mention what you are consenting to by entering it anywhere, so even MITM attacks are very hard.

The days of entering a static password in 3DS are long gone.

not really, the redirect itself is happening at EMV DS level, not by the merchant himself. Merchant has no idea what bank your card belongs to, so he does not know which bank to redirect you to.