Phishing is the most popular and widely used method for hacking email
accounts. Phishing is not as easy as its name. Creating a phishing page
is an easy task and anyone can download one from various hacking forums
for free. The main step of phishing comes after creation of the fake
login page.
NOTE: If you don't have any prior knowledge of phishing or don't have
any fake login page yet, get it now: Facebook Phishing, Gmail Phishing.
How to send this fake page to the victim?
Here comes Tab Napping, which can make your second step easier than
before. No need to send the fake page via email to the victim.
Tab Napping uses the modern browser's multi-tabbed environment.
Nowadays all people use multiple tabs for accessing Gmail, Facebook,
Orkut and other websites simultaneously. The trick is to confuse the
user among his/her multiple tabs and silently redirect any idle tab of
the browser to your phishing page. Tab Napping works on the user's
assumption that a tabbed web page stays the same when other Internet
services are being accessed.
How does tab napping work?
It is done by checking whether your page is idle or not. If it is idle
or not used for some particular time period, then it gets redirected.
Things to be done:
1. Check for mouse movement
2. Check for scroll bar movement
3. Check for keystrokes
If none of the above events is triggered for a few seconds, this means
the user is not using that tab, and is either away from the system or
using another tab. So if these conditions are met, then we redirect it
to our phished page, which the user thinks is the genuine page.
The idea behind this is very simple and is done by JavaScript. Tab
napping is all about the relation of 2 pages, say Page A and Page B.
The victim was viewing Page A in a browser tab, then left it idle and
is now using some other website in another tab of the browser. If the
user does not return to Page A for some pre-specified time, Page A will
automatically redirect to Page B. This Page B is your phishing page.
This redirection and checking for user actions is done by JavaScript.
Tab napping in action:
Get the JavaScript for tab napping here
(It's just a text file which includes the script... so no need to worry about scanning it!)
Make a web page and use the tab napping script in that page; call it
page A. This script will not affect the layout or content of the page.
This script will check for user actions. If the page is idle for some
time, this script will redirect this page to a pre-specified page which
may be your phishing page. You have to specify this page in the script.
Be sure to change this in the script.
Check the script for this line:
timerRedirect = setInterval("location.href='http://www.gmail.com'",10000);
This line will redirect to Gmail after 10 sec. Change this location to
the address of your phishing page. This line is used 2 times in the
script, so change it in both lines.
So, page A with the tab napping script will redirect to phishing page B.
Now send the link of page A to your victim. This is a normal page.
If the page is idle for some time it will be changed to page B;
otherwise there is no effect.
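For defenders reviewing reported or crawled pages, the pattern described above (user-activity checks combined with a timed redirect) can be flagged statically in a page's script source. The following is an added example, not part of the original page or the script it refers to; the function name scanForTabNapping, the handler names, the sample strings and the page-a.example URL are assumptions constructed for illustration.

```javascript
// Added example, not the script the page refers to. Static heuristic:
// idle-activity hooks + a timer that sets location to another origin.
const ACTIVITY = {
  mouse: /\bonmouse(move|down)\b|['"]mouse(move|down)['"]/i,
  scroll: /\bonscroll\b|['"]scroll['"]/i,
  keys: /\bonkey(press|down|up)\b|['"]key(press|down|up)['"]/i,
};
// setInterval/setTimeout whose argument assigns location(.href) a quoted URL.
const TIMED_REDIRECT =
  /set(?:Interval|Timeout)\s*\([^;]*?location(?:\.href)?\s*=\s*\\?['"]([^'"\\]+)/gi;

function scanForTabNapping(source, pageUrl) {
  const activity = Object.keys(ACTIVITY).filter((k) => ACTIVITY[k].test(source));
  const targets = [...source.matchAll(TIMED_REDIRECT)].map((m) => m[1]);
  const pageOrigin = new URL(pageUrl).origin;
  const crossOrigin = targets.filter((t) => {
    try {
      return new URL(t, pageUrl).origin !== pageOrigin;
    } catch (e) {
      return true; // unparseable target: keep it for manual review
    }
  });
  // A same-origin idle redirect (e.g. session timeout to /logout) is not flagged.
  return { activity, targets, crossOrigin,
    suspicious: activity.length > 0 && crossOrigin.length > 0 };
}

// Constructed inputs. The first reuses the redirect line quoted on this page;
// resetTimer and resetIdle are hypothetical handler names.
const SAMPLE_SUSPECT = [
  "document.onmousemove = resetTimer;",
  "window.onscroll = resetTimer;",
  "document.onkeypress = resetTimer;",
  "timerRedirect = setInterval(\"location.href='http://www.gmail.com'\",10000);",
].join("\n");
const SAMPLE_BENIGN = [
  "document.addEventListener('keydown', resetIdle);",
  "idleTimer = setTimeout(function () { location.href = '/logout'; }, 900000);",
].join("\n");

for (const [name, src] of [["suspect", SAMPLE_SUSPECT], ["benign", SAMPLE_BENIGN]]) {
  console.log(name, JSON.stringify(scanForTabNapping(src, "http://page-a.example/index.html")));
}
```

The heuristic only reads inline script text, so obfuscated or externally loaded scripts need to be fetched and normalized before scanning.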