Trending: TeCh ZoNe

Friday, May 11, 2012

:: TAB NAPPING :: [Full Tutorial] | new type of smart phishing


Phishing is the most popular and widely used method for hacking email accounts. Phishing is not as easy as it's name. Creating a phishing page is an easy task and any one can download it from various hacking forums for free. The main step of phishing comes after creation of fake login page.

How to send this fake page to the victim?

Here comes the Tab Napping which can make your second step easy than before. No need to send fake page via email to victim.

Tab Napping use the modern browser's multi tabbed environment. Now a days all people use multiple tabs for accessing Gmail, facebook, orkut and other websites simultaneously. The trick is to confuse user in his/her multiple tabs and redirect any of idle tab of his browser to your phishing silently. Tab Napping works on the user's assumption that a tabbed web page stays the same when other Internet services are being accessed.

How does tab napping work?

It is done by checking whether your page is idle or not, if it is idle or not used for some particular time period
then it gets redirected:
Things to be done:
1.check for mouse movement
2.check for scroll bar movement
3.check for keystrokes

If any of the above event is not triggered till few seconds , this means user is not using that tab, either is off from system or using other tab, so if these conditions are met, then we redirect it to our phished page, which user thinks it to be genuine page.

The idea behind this is very simple and is done by javascript. Tab napping is all about the relation of 2 pages. suppose Page A and Page B. Victim was viewing page A in a tab of a browser and then left this idle and and now using some other website in another tab of browser. If the user will not return to page A for some pre-specified time, page A will automatically redirect to Page B. This Page B is your phishing page. This redirection and cheking for user actions is done by Javascript. 

Tab napping in action:

download my tab napping script from here click on download image!!

1. first we need a simple phishing setup that we have discussed before u can get your phisher from my older posts

2. u will need ur hosting/blog/aur any webpage in which u can put the java script to sent its link to victim.

3. get ur javascript download link given above ^ u replace the link with your phishing page link in the java script from this line which comes in two places in the script

  timerRedirect = setInterval("location.href=''",10000); //set timed redirect

5. after replacing it   Now, Select all & Copy Tab Napping script and you need to paste this code at the end of the real page html code(means above).

6.this script will not make any change on ur web page or blog page. 

7. for more clear hacking shorten your tab napping url from google shortner

points:1.This script will track the user actions and as soon as the blog will kept ideal ,
2.That script will redirect the victim to the phishing page your derived.
3.Now send this blog address to your victim or u can upload your malicous webpage on a web hosting & then send the link to victim.

All Rights Reserved TeCh ZoNe | Blogger Template by Bloggermint
back to top