TAB NAPPING
TAB NAPPING
----------------------------------------------------------------
Almost all the tabbed browsers are vulnerable to this attack.
Note: All the short description shown is for educational purpose.
First of all you may need a free hosting also for this purpose. I shall suggest you t35 , 110mb.
Now you must have a basic knowledge of creating html
( For learning html go to www.w3schools.com)
pages or if you don't have then don't worry. You may select a hot news page or any headline or else a popular page. Just select its source code and make a duplicate of it. Use dreamweaver or Notepad++. And you change the headings there. and also a bit content at that page. So, We may call it page A.
Now, We have to make that tab napping exploit and insert that in page A . I have created a one. You may download it below : -
http://www dot ziddu dot com/download/13522822/tabbednapping.rar.html
Now, You will have to create a B page (that is the phishing page ). and you should insert the above script in page A. Now you have to send the page A link to the victim and when he opens it. He may open other tabs and when this tab of page A will become idle the victim will be redirected to your phishing page ( You will specify time in script ).
How to insert exploit in Page A or original page(May contain Hot news,Something fascinating) URL in script : - ( I have shown in the image below)
You have to replace above highlighted portions to your own phishing page Url or a cookie stealing Url inorder to hack his/her acount. And thats it. Page A upon becoming idle will redirect to page B (the phishing page)
In my script i specified 10 sec to redirect on becoming idle.
How to prevent tab napping :
While using tabbed browsing and going to other tabs do look at the url shown above. Or else you will login to a facebook or orkut etc phishing page and you will login thinking that you have opened it.
Use latest Nod 32 personal security version. You may search this blog to get it for free.
JavaScript is used by many websites for the different purposes if you disable it than you can avoid to infect by tab-napping. But it is not legitimate solution to do this.
The best technique to protect your self from tab-napping is to use a script called NoScript, It is a free add-in for Firefox browser.
----------------------------------------------------------------
Almost all the tabbed browsers are vulnerable to this attack.
Note: All the short description shown is for educational purpose.
First of all you may need a free hosting also for this purpose. I shall suggest you t35 , 110mb.
Now you must have a basic knowledge of creating html
( For learning html go to www.w3schools.com)
pages or if you don't have then don't worry. You may select a hot news page or any headline or else a popular page. Just select its source code and make a duplicate of it. Use dreamweaver or Notepad++. And you change the headings there. and also a bit content at that page. So, We may call it page A.
Now, We have to make that tab napping exploit and insert that in page A . I have created a one. You may download it below : -
http://www dot ziddu dot com/download/13522822/tabbednapping.rar.html
Now, You will have to create a B page (that is the phishing page ). and you should insert the above script in page A. Now you have to send the page A link to the victim and when he opens it. He may open other tabs and when this tab of page A will become idle the victim will be redirected to your phishing page ( You will specify time in script ).
How to insert exploit in Page A or original page(May contain Hot news,Something fascinating) URL in script : - ( I have shown in the image below)
You have to replace above highlighted portions to your own phishing page Url or a cookie stealing Url inorder to hack his/her acount. And thats it. Page A upon becoming idle will redirect to page B (the phishing page)
In my script i specified 10 sec to redirect on becoming idle.
How to prevent tab napping :
While using tabbed browsing and going to other tabs do look at the url shown above. Or else you will login to a facebook or orkut etc phishing page and you will login thinking that you have opened it.
Use latest Nod 32 personal security version. You may search this blog to get it for free.
JavaScript is used by many websites for the different purposes if you disable it than you can avoid to infect by tab-napping. But it is not legitimate solution to do this.
The best technique to protect your self from tab-napping is to use a script called NoScript, It is a free add-in for Firefox browser.
posted by buznorpoor @ May 03, 2013
0 Comments
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home