We all are familiar with the technique of phishing, tab-napping is the advanced form of phishing is out in the market,
in which when u open any genuine page say the page of any legitimate website like any shop,etc... and if you dont use that
page or in short if that page is kept idle for few seconds because of many reasons like we start browsing other site,
attending phone calls etc, then malicious page automatically gets redirected to phished page or duplicate page of popular sites
like gmail,orkut,facebook,yahoo,etc... which we didnt notice, coz.. we never opened that page, so it looks kinda of genuine page.
=================================================================================================================================
Method:
How this is done:
It is done by checking wether your page is idle or not, if it is idle or not used for some particular time period
then it gets redirected:
Things to be done:
1.check for mouse movement
2.check for scroll bar movement
3.check for keystrokes
If any of the above event is not triggered till few seconds , this means user is not using that tab, either is off from system
or using other tab, so if these conditions are met, then we redirect it to our phished page, which user thinks it to be genuine
page.
===================================================================================================================
Code:
http://tinypaste.com/e94a51
================================================================
demo:http://slayericw.zxq.net/tabnappingdemo.html
ADVANCED PHISING TECHNIQUE: Tab Napping
Related Posts
Subscribe to:
Post Comments (Atom)
Post a Comment