Saturday, December 7, 2013

10:02 AM
Tabnabbing                                                                                   



The attack takes advantage of user trust and inattention to detail with regard to tabs, and of the ability of modern web pages to rewrite tabs and their contents long after the page has loaded. Tabnabbing works in reverse of most phishing attacks: it doesn't ask users to click on an obfuscated link but instead loads a fake page in one of the tabs already open in the browser.
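From the defender's side, the behaviour described above (a background tab changing what it is while nobody is looking at it) can be caught by comparing a tab's identity when it is hidden with its identity when it is shown again. The following is an added example, not code from the original post; the event shape, the `TabIdentityMonitor` name and the sample events are assumptions constructed for illustration.

```javascript
// Added defensive sketch: flag a tab whose identity changed while it was hidden.
// Assumed event shape: { type: "hidden" | "visible", tabId, title, favicon, url }.
function originOf(url) {
  try { return new URL(url).origin; } catch (e) { return null; }
}

class TabIdentityMonitor {
  constructor() {
    this.snapshots = new Map(); // tabId -> identity recorded when the tab was hidden
  }

  // Feed one event; returns an alert object, or null if nothing looks wrong.
  observe(ev) {
    const now = { title: ev.title, favicon: ev.favicon, origin: originOf(ev.url) };
    if (ev.type === "hidden") {
      this.snapshots.set(ev.tabId, now);
      return null;
    }
    if (ev.type !== "visible" || !this.snapshots.has(ev.tabId)) return null;
    const before = this.snapshots.get(ev.tabId);
    this.snapshots.delete(ev.tabId);
    const changed = ["title", "favicon", "origin"].filter((k) => before[k] !== now[k]);
    // A title-only change is normal (unread counters). A new origin, or a new
    // title together with a new favicon, means the tab now presents as another site.
    const suspicious = changed.includes("origin") ||
      (changed.includes("title") && changed.includes("favicon"));
    return suspicious ? { tabId: ev.tabId, changed, before, after: now } : null;
  }
}

// Constructed sample events (example.test / example.invalid are placeholder hosts).
const SAMPLE_EVENTS = [
  { type: "hidden", tabId: 1, title: "Search", favicon: "search.ico", url: "https://search.example.test/" },
  { type: "hidden", tabId: 2, title: "Inbox", favicon: "mail.ico", url: "https://mail.example.test/" },
  { type: "visible", tabId: 2, title: "Inbox (3)", favicon: "mail.ico", url: "https://mail.example.test/" },
  { type: "visible", tabId: 1, title: "Log in", favicon: "social.ico", url: "https://login.example.invalid/" },
];

function runSample() {
  const monitor = new TabIdentityMonitor();
  return SAMPLE_EVENTS.map((ev) => monitor.observe(ev)).filter(Boolean);
}

console.log(runSample().map((a) => `tab ${a.tabId}: changed ${a.changed.join(", ")}`));
```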
Requirements:
 1. A free web hosting site - you can use 110mb.com or ripway.com
You should have the following files, which are required for tabnabbing:
  1. Facebook.html - Fake Facebook login page (phisher)
  2. login.php - Script which captures the login details of the victim
  3. google.html - Standard Google page used to trick the user
  4. tabnabb.js - JavaScript which is required for tabnabbing

Procedure:
1. First of all, download all the files and extract them using WinRAR or WinZip. Then upload facebook.html, login.php and google.html to your free web hosting account.

2. Now open tabnabb.js in Notepad and search for "Enter your URL here". Replace it with the URL of the "Facebook.html" you uploaded in the previous step, then save it and upload tabnabb.js to your hosting account.

3. By now you should have successfully uploaded all four files to your hosting account, as shown.

4. Now, to check whether the hack is working, click on the google.html link and open it, then open a few new tabs. After some time you will see the Google page switch to your fake Facebook page.

5. Once the victim enters all his credentials in the fake Facebook login page and clicks login, he will be redirected to the Facebook.com/careers page to avoid suspicion.

6. To see the victim's login details, go to your hosting account, where you will see a new file, "log.txt". Open it to see the victim's user ID and password.

