Tabnabbing: A New Type of Phishing Attack

[Medici]

I got to thinking about how this could be used in AM. Though, it's pretty sure to get you arrested any way you go.

1. Visitor hits your LP
2. Visitor wants to leave
3. They click the back button
4. Your script grabs their previous page's code from their cache
5. You load that up on top of your lander
6. They click a link
7. You have script not visit it and instead try to load a large file or something to make the page take forever to go
8. Visitor visits another tab while waiting
9. You load up some page like Gmail in that demonstration
10. They input their data
11. You again make it take forever to load the page
12. They visit another tab while waiting
13. You direct them to the actual page they were trying to visit originally in step 3
14. Later, you start sending their E-mail offers until they buy something because ya'll aren't out to steal their personal info by storing their password

That's not very creative. move beyond just jacking their email and think how this can be made to look whitehat. i'd love to spill the beans but fuck that.

 

[puravida]

didnt work on ubuntu

 

[gutterseo]

didnt work on ubuntu

I've never tried the ubuntu browser which one is that.

and it does work in firefox running in ubuntu.

 

[Royalty]

There isn't a ubuntu browser lol they use firefox

 

[mpbiz]

Holy fuck. That is awesome.

agreed

 

[mark9510]

This is completely evil. Its perfect to get easy optins but im not sure how effective that would be

 

[Bawazeer]

HEHEHEHE

That was really awesome :action-smiley-052:

 

[highrollin01]

Since i dont know .js, i will paypal someone a whole 5 bucks if you can insert notes on the source code so that I will be able to modify it.
private me

 

[kblessinggr]

Since i dont know .js, i will paypal someone a whole 5 bucks if you can insert notes on the source code so that I will be able to modify it.
private me

:/ Just 5$ for technical writing and hand-holding, especially since I can guarantee you're probably gona hit the same person up for some one-on-one help with whatever note they wrote.

 

[dennyray]

That's not very creative. move beyond just jacking their email and think how this can be made to look whitehat. i'd love to spill the beans but fuck that.

spill them beans lol

 

[subigo]

Sucker. Didn't work on me.

/safari on the iPad = one tab at a time
//wait...

 

[mzonas]

Shit. Will have to check the URL. I don't wanna lose paypal and other stuff ...

 

[Medici]

the attack has a fault in that it uses js. some cat went and replicated it without js.

Eitan Adler's thoughts: Tabnabbing Without Javascript

 

[Not Your Friend]

That's some crazy shit right there.

 

[liquidpillow]

That is indeed shady stuff. Of course, I find it pretty remarkable how many people must be totally oblivious when taking care of secure stuff online to be fooled by all these scams.