Tabnabbing 
The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser
Requirements :
1. A free web hosting site - you can use 110mb.com or ripway.com
. You should have the following files which are required for tabnabbing
- Facebook.html -Fake Facebook login page (phisher)
- login.php - Script which captures the login details of the victim
- google.html - Standard google page used to trick the user
- tabnabb.js - Java script which is required for tabnabbing
To download all files click here
and to get password click here
procedure
1. First a fall download all the files and extract them using winrar or win-zip , Then upload facebook.html ,login.php & google.html to your free web webhosting account
2. Now open tabnabb.js using a notepad , Search for "Enter your URL here" , Now replace it with your "Facebook.html" url which you uploaded in the previous step, finally save it and upload tabnabb.js to your hosting account
3. By now you should have successfully uploaded all the four files to your hosting account as shown
4. Now to check whether the hack is working, click on the google.html link and open it , Now open few new tabs , After some time you will see google page switched to your fake Facebook page
5. Now once the victim enters all his credentials in our fake facebook login page and clicks login, he will be redirected to Facebook.com/careers page to avoid suspecion
6. To see the victim login details go to your hosting account where you will see a new file "log.txt" Open it to see the victims user-id and password
0 comments:
Post a Comment