Tabnabbing is a computer exploit and phishing attack that persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser.

We cover two methods of tabnabbing.
(1) Manual.
(2) With the help of S.E.T.

Tabnabbing with the help of S.E.T.

(1) Open S.E.T. (you can find how to install & configure S.E.T. here).
(2) Select option 1, which is Social-Engineering Attacks.
(3) Select option 2, which is Website Attack Vectors.
(4) Now select option 4, which is the tabnabbing attack method.
(5) Select site cloner.
(6) Enter the URL of the site. (For example, if you want to hack the gmail account of the victim, then type gmail.com.)
(7) Send the link of your I.P. to the victim via mail or chat. (You can also spoof email. See here.)
(8) As soon as he opens the tab, he finds the message “please wait while site is loading.”
(9) When the victim changes tab, it redirects him to your phishing page.
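
From the defender's side, the page the victim ends up on in steps (7) to (9) is served from the sender's I.P., not from the real site's origin. The block below is an added example, not part of the original post: the exact-origin comparison a credential filler can apply before releasing a saved password. The function names and all sample URLs are constructed for illustration.

```javascript
// Added example: exact-origin check before a saved credential is filled.
// Function names and sample URLs are constructed, not taken from any product.

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Normalise a URL to scheme://host[:port]; null if it cannot be parsed
// or has an opaque origin (data:, file:, ...).
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === 'null' ? null : origin;
  } catch {
    return null;
  }
}

// Decide whether a credential saved for savedUrl may be filled on pageUrl.
function checkFill(savedUrl, pageUrl) {
  const saved = originOf(savedUrl);
  const page = originOf(pageUrl);
  if (!saved || !page) return { fill: false, reason: 'unparsable-url' };

  const u = new URL(pageUrl);
  // The URL parser canonicalises decimal/hex IPv4 forms to dotted notation
  // and keeps the brackets on IPv6 literals, so both are caught here.
  if (IPV4.test(u.hostname) || u.hostname.startsWith('[')) {
    return { fill: false, reason: 'ip-literal-host' };
  }
  if (u.protocol !== 'https:') return { fill: false, reason: 'not-https' };
  // Exact match on scheme, host and port: a lookalike host that merely
  // contains the real name as a prefix or subdomain label does not pass.
  if (page !== saved) return { fill: false, reason: 'origin-mismatch' };
  return { fill: true, reason: 'exact-origin-match' };
}

// Constructed sample: one saved login checked against several page URLs.
const SAVED = 'https://accounts.example.com';
const SAMPLES = [
  'https://accounts.example.com/signin',
  'http://192.0.2.10/',
  'http://3221225994/',
  'https://accounts.example.com.login.test/',
  'http://accounts.example.com/',
];
for (const url of SAMPLES) {
  console.log(url, '->', checkFill(SAVED, url).reason);
}
```

Because the decision is made on the page's actual origin at fill time, it does not depend on what the tab title, favicon or page content look like after the user switches back to the tab.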

In the next tutorial we will see the manual method of tabnabbing, because if you have a dynamic I.P. then this method is not so useful: as soon as your I.P. changes, the listener of S.E.T. is stopped, so you cannot get the password of the victim.



