• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Phishing With Data URI
 

Phishing With Data URI

on

  • 1,389 views

New way of phishing with Data URI

New way of phishing with Data URI

Statistics

Views

Total Views
1,389
Views on SlideShare
1,130
Embed Views
259

Actions

Likes
0
Downloads
11
Comments
0

19 Embeds 259

http://iamajin.blogspot.in 136
http://iamajin.blogspot.com 81
http://iamajin.blogspot.co.uk 10
http://iamajin.blogspot.ca 4
http://iamajin.blogspot.com.br 4
http://iamajin.blogspot.jp 3
http://iamajin.blogspot.ae 3
http://iamajin.blogspot.ro 2
http://iamajin.blogspot.it 2
http://iamajin.blogspot.no 2
http://iamajin.blogspot.nl 2
http://iamajin.blogspot.de 2
http://iamajin.blogspot.fr 2
http://iamajin.blogspot.hk 1
http://iamajin.blogspot.ru 1
http://iamajin.blogspot.gr 1
http://iamajin.blogspot.mx 1
http://iamajin.blogspot.com.es 1
http://iamajin.blogspot.co.il 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Phishing With Data URI Phishing With Data URI Presentation Transcript

    • DATA URI• The data URI scheme is a URI scheme (Uniform Resource Identifier scheme) that provides a way to include data in-line in web pages as if they were external resources.• MORE INFO : http://en.wikipedia.org/wiki/Data_URI_scheme
    • PHISHING OLD METHOD Logs.txtFAKE URL login.php Username: poorguy@gmail.com Password: strong p@ssw0rd All these are hosted under a website
    • Phishing with Data URIHyperlink mailer.php/ Redirect This fake page is not hosted Mails the hacker the stolen anywhere. Its made up of username and password. DATA URI, Base64 encoded data
    • Modified source code Base64 encoded Source codeModification: send the username and passwordlogged to a php file which may mail/logs it.
    • DATA URI PHISHING data:text/html;base64, PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= Spreading<script>window.location ="data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="</script>
    • • Difficult to inject JavaScript in websites.• Internet Explorer won’t support Data URILimitations
    • DEMO