Tabnabbing Attack
Tabnabbing is another form of phishing attack, in which the attacker takes advantage of the fact that the victim does not normally expect a tab to change while he is not looking at it. The attack rewrites the existing tab with the attacker’s page. When the victim returns to that tab, he thinks he has been logged out of a particular website and tries to log in again; as soon as he does, the attacker captures the credentials. SET can be used to launch this attack. Let’s see how it’s done.
Step 1—Just beneath the “Credential Harvester” option, you will see “Tabnabbing attack.” Inside it, you will see the “Web Templates” and “Site Cloner” options. Click on “Site Cloner,” since the tabnabbing attack method does not support the first one.
Step 2—Next, it will ask for the IP address where the attack is to be hosted, followed by the website to clone, which in our case is gmail.com. Once you have provided this information, the attack will be launched automatically.
216 ◾ Ethical Hacking and Penetration Testing Guide
Step 3—Now, let’s see the attack from the victim’s side. As soon as the victim loads the site, he will see the following screen:
As soon as he switches to another tab, the page will be redirected to the fake Gmail log-in page. As soon as our victim enters his credentials, they will be saved.
Other Attack Vectors
We have other advanced attack vectors in the SET related to phishing. One of them is “Man Left
in the Middle,” where the attacker requires an XSS vulnerability to trigger an attack. Since we
haven’t learned about XSS vulnerability yet, we won’t discuss it now. We will learn all about it in
the “Web Hacking” chapter (Chapter 12). Another great attack vector is the “Web Jacking” attack
vector, where the victim is presented with a link stating “Website has been moved.” When the
victim hovers his mouse over the link, it points to the real URL, not the attacker’s URL.
Here is what the victim would be presented with:
Whenever the victim clicks on it, gmail.com will open; however, it will be replaced with our
malicious web server after a few seconds.
Tip: A better attack strategy is to register a domain similar to the real domain; for example, in the case of facebook.com, you can register faceboook.com and host your attack there.
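From the defender’s side, the look-alike domain in the tip above (faceboook.com standing in for facebook.com) is exactly what a typosquat check over newly observed hostnames is meant to catch. The following Python is an added example, not code from the book or from SET; the protected-domain list, the distance threshold of 2, and the crude “last two labels” registrable-domain rule are assumptions.

```python
# Added example (not from the book): flag hostnames that imitate a protected
# brand domain, such as faceboook.com vs. facebook.com, using edit distance.

# Constructed sample list of domains we want to protect (assumption).
PROTECTED = {"facebook.com", "gmail.com", "google.com"}


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable-domain extraction: keep the last two labels.
    Assumption: no multi-label public suffixes such as co.uk; a real tool
    would consult the Public Suffix List instead."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def lookalike(host: str, max_distance: int = 2):
    """Return the protected domain that `host` imitates, or None.
    An exact match is the legitimate site; a near miss within max_distance
    edits (extra letter, swapped digit for letter, ...) is flagged."""
    dom = registrable(host)
    if dom in PROTECTED:
        return None
    best = None
    for good in PROTECTED:
        d = levenshtein(dom, good)
        if 0 < d <= max_distance and (best is None or d < best[1]):
            best = (good, d)
    return best[0] if best else None


def scan(hosts):
    """Map each suspicious host to the brand it resembles."""
    return {h: lookalike(h) for h in hosts if lookalike(h)}


if __name__ == "__main__":
    print(scan(["faceboook.com", "mail.gmail.com", "gmai1.com", "example.org"]))
```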
Client Side Exploitation