DATA URI
• The data URI scheme is a URI scheme (Uniform Resource Identifier scheme) that provides a way to include data in-line in web pages as if they were external resources.
• MORE INFO: http://en.wikipedia.org/wiki/Data_URI_scheme

PHISHING OLD METHOD
[Diagram: FAKE URL, login.php, Logs.txt]
Username: firstname.lastname@example.org
Password: strong p@ssw0rd
• All these are hosted under a website

Phishing with Data URI
[Diagram: Hyperlink / Redirect, fake page, mailer.php]
• Hyperlink / Redirect: This fake page is not hosted anywhere. It's made up of DATA URI, Base64 encoded data.
• mailer.php: Mails the hacker the stolen username and password.

Modified source code
[Diagram: Source code, Modified source code, Base64 encoded]
• Modification: send the logged username and password to a PHP file, which may mail or log it.

DATA URI PHISHING
data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=
Spreading
<script>window.location = "data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="</script>
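
A defensive check for the technique on these slides, added here as an example and not part of the original deck: it scans HTML or mail text for data: URIs, decodes each payload, and flags active content types that carry script, form or password-field markup. The function names, the type and marker lists, and the SAMPLE input are assumptions constructed for illustration; the base64 payload is the one shown on the slide.

```python
import base64
import re
from urllib.parse import unquote_to_bytes
# RFC 2397 shape: data:[<mediatype>][;params][;base64],<data>
DATA_URI = re.compile(
    r"data:(?P<mime>[\w.+-]+/[\w.+-]+)?(?P<params>(?:;[\w.+-]+(?:=[\w.+-]+)?)*)"
    r",(?P<data>[^\"'<>\s]*)",
    re.IGNORECASE,
)
# Assumed lists: types a browser renders as a document, and markup worth flagging.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
MARKERS = {
    "script": re.compile(rb"<script\b", re.I),
    "form": re.compile(rb"<form\b", re.I),
    "password_field": re.compile(rb"type\s*=\s*[\"']?password", re.I),
}

def decode_payload(data, is_base64):
    """Return the bytes a browser would render for the data part of the URI."""
    raw = unquote_to_bytes(data)          # percent-escapes are legal in either form
    if not is_base64:
        return raw
    raw += b"=" * (-len(raw) % 4)         # tolerate stripped padding
    try:
        return base64.b64decode(raw)
    except ValueError:                    # undecodable: nothing to inspect
        return b""

def find_data_uris(text):
    """List every data: URI in text with its type and any markers in the payload."""
    findings = []
    for m in DATA_URI.finditer(text):
        mime = (m.group("mime") or "text/plain").lower()
        is_b64 = ";base64" in m.group("params").lower()
        body = decode_payload(m.group("data"), is_b64)
        hits = sorted(name for name, rx in MARKERS.items() if rx.search(body))
        findings.append({"mime": mime, "base64": is_b64, "markers": hits,
                         "suspicious": mime in ACTIVE_TYPES and bool(hits)})
    return findings

# Constructed sample: a benign inline image plus the redirect shown on the slide.
SAMPLE = (
    '<img src="data:image/png;base64,iVBORw0KGgo=">'
    '<script>window.location ="data:text/html;base64,'
    'PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="</script>'
)
if __name__ == "__main__":
    for finding in find_data_uris(SAMPLE):
        print(finding)
```

The inline PNG is reported but not flagged, while the text/html redirect decodes to script markup and is marked suspicious.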