Rabu, 08 Juni 2011

Tabnapping Attack Tutorial Phishing

  Tabnapping Attack Tutorial Phishing



Tabnapping is a new modern phishing method but slighly different.In tabnapping we use javascript to hack victims account.The basic steps are same as in phishing attack , Phishing is the most popular method and widely used for hacking email accounts and facebook accounts.Phishing pages can easily be downloaded from hacking blogs or forums but the thing is how to send it to a victim and make him a fool ! which is very hard task and nedded mind !!

But in tabnapping there is no need to send vitim phishing page as we have to do inphishing.Tab Napping use the modern browser's multi tabbed environment. Now a days many people use multiple tabs for accessing Gmail, facebook, orkut and other websites simultaneously.
The trick is very simple to confuse user in his/her multiple tabs and redirect any of idle tab of his browser to your phishing easily.Tab Napping works on the user's assumption that a tabbed web page stays the same when other Internet services are being accessed.

The idea behind this is very simple and is done by javascript. Tab napping is all about the relation of 2 pages. suppose Page 1 and Page 2 , Victim was viewing page 1 in a tab of a browser and then left this idle and now using some other site in another tab of browser. If the user will not return to page A for some pre-specified time, page 1 will automatically redirect to Page 2. This Page 2 is your phishing page. This redirection and cheking for user
actions is done by Javascript as i have mentioned above.




Make a web page and use the tab napping script in that page say it page 1. This script will not affect the layout or content of the page. This script will check for user actions. If the page is idle for some time, this script will redirect this page to a pre-specified page which may be your phishing page. You have to specify this page in the script. Be sure to change this in script.
check script for this line...


timerRedirect = setInterval("location.href='http://www.gmail.com'",10000);

this line will redirect to Gmail after 10 sec. Change this location to the address of yourphishing page. This line is used 2 times in the script so change is both lines.so page 1 with tab napping script will redirect to phishing page 2.


Now send the link of the page 1 to your victim. This is a normal page. If the page is idle for some time it will be changed to page 2 otherwise it will remain same. 


Download The Script: Here

0 komentar:

Posting Komentar

VISITORS

Flag Counter