Web Spoofing is Tricking Someone into visiting a Website other than one they intend to visit ,by creating a similar website.
The attacker must somehow lure the victim into the attacker’s false web.
its working is shown as above..
The attacker must somehow lure the victim into the attacker’s false web.
There are several ways to do this.
- A Phisher could insert a malicious script inside a product review to attack the user.
- The Script would modify the host site so that the user believes he/she is interacting with secure site.
- This technique is also called as “Cross Scripting.”
- Assuming the attacker’s server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of the URL.
- Example:
- http://home.netscape.com www.attacker.com/http://home.netscape.com
- Once the attacker’s server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document
- Then the attacker’s server provides the rewritten page to the victim’s browser.
- If the victim follows a link on the new page, the victim remains trapped in the attacker’s false web.
No comments:
Post a Comment