Hello every one. I am going to tell you about new(not so new) phishing technique called Tab Napping.
Though you all know about phishing ill start with some basic information.
If you get bored with basic then you are free to jump directly to Tab Napping
So, Phishing is one of the hacking technique which we use to take out some credential information like password and username and credit card no or what else you want....
Basically we use Phishing in these way.
1)Link Manipulation This one is so called old and one of the most used technique in web hacking. Here what we do is create a duplicate page of some popular site like facebook or twitter with misspell like fatebook or orkud....
Then register on free hosting site like my3gb or t35 or whatelse you use. now upload this page on your account and create one txt file. way to go... publish this link by mail or by tell or by social sell....
when target reach to this page he misunderstood it with original and he get to know what happen after original site say Wrong Username Or Password.. ha ha ha.
2)Filter Evasion As time passed hacking tricks get patched somehow... so filter evasion is not a technique it self. rather its an extension of link manipulation. Mail server like gmai and yahoo mail started to block this type of mail by spam filtering.
What the hell man? we can't use it any more?
Dude, wait up we are hackers after all
So, in filter evasion you patch your link with any images and then mail it, now as we know that images are disabled by default, so user have to enable manually and you get your work done. after that simple link manipulation funda.
3)Phone Phishing What!!!! seriously? i mean who the hell use phone phishing in this new era.
crazy stuff to do ha... you call some one he pick up and you say" Hello i am Mr. Richie from American credit card credential association, we got some suspicious activity on your card.. can i have your.. blah blah blah.... have a nice day Mr.Richie". and no kidding, just a little luck and you got your food.
Well this type of technique doesn't work any more in developed ares.but believe or not it still works around some Asian regions.
so this are some simple phishing technique that we all know about but last year in 2010, technique called Tab Napping come across the web.
So, whats this tab napping ha?
4)Tab Napping In simple word tab napping say.. your tab nap and you suck
Yes, tab napping can only be done in tabbed browser and now a days people use that only for sure. in tab napping when your scripted tab remain silent for some time in background then it automatically converted in phishing page without permission. and when user get back to that page he think" did i log out.. ahhh what ever" he log in again and you get your data buddy.
So, how this tab napping work?
ill give you simple example, create two page 1 and 2. one is phishing page and two is tab napping scripted page. now in this script change URL part with the link of your phishing page. now put age 2 in front of victims eyes any how. this is just an example... you can develop your own logic to do that.
that's all, now its depend on luck. if he work on other tab and your scripted tab stay silent then victim sucks......
If you have added
NoScript addon in your browser then this trick won't harm you.
i have attached one tab napping script if any body wanna use that.
