8
PHISHING WITH DATA URI

Phishing With Data URI

Embed Size (px)

DESCRIPTION

New way of phishing with Data URI

Citation preview

Page 1: Phishing With Data URI

PHISHING WITH DATA URI

Page 2: Phishing With Data URI

DATA URI• The data URI scheme is a URI scheme (

Uniform Resource Identifier scheme) that provides a way to include data in-line in web pages as if they were external resources.

• MORE INFO : http://en.wikipedia.org/wiki/Data_URI_scheme

http://en.wikipedia.org/wiki/URI_scheme
http://en.wikipedia.org/wiki/Uniform_Resource_Identifier
http://en.wikipedia.org/wiki/Web_page
http://en.wikipedia.org/wiki/Data_URI_scheme
Page 3: Phishing With Data URI

PHISHING OLD METHOD

login.phpLogs.txtUsername: [email protected]: strong p@ssw0rd

FAKE URL

All these are hosted under a website

mailto:[email protected]
Page 4: Phishing With Data URI

Phishing with Data URI

mailer.phpHyperlink / Redirect

This fake page is not hosted anywhere. Its made up of DATA URI, Base64 encoded data

Mails the hacker the stolen username and password.

Page 5: Phishing With Data URI

Modified source code Base64 encoded

Modification: send the username and password logged to a php file which may mail/logs it.

Source code

Page 6: Phishing With Data URI

data:text/html;base64, PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=

Spreading<script>window.location = "data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="</script>

DATA URI PHISHING

Page 7: Phishing With Data URI

Limitations

• Difficult to inject JavaScript in websites.• Internet Explorer won’t support Data URI

Page 8: Phishing With Data URI

DEMO


PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques

Documents
Top Cyber Threats 2020 - ThreatAware · 1. Ransomware | 2. Phishing | 3. BEC | 4. Cloud SaaS | 5. Windows 7 Phishing Attacks in 2019 •Phishing accounts for 90% of data breaches

Top Cyber Threats 2020 - ThreatAware · 1. Ransomware | 2. Phishing | 3. BEC | 4. Cloud SaaS | 5. Windows 7 Phishing Attacks in 2019 •Phishing accounts for 90% of data breaches

Documents
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

Internet
Saphe surfing! 1 SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld

Saphe surfing! 1 SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld

Documents
Data URI scheme: okayama-js-2

Data URI scheme: okayama-js-2

Technology
Phishing by data URI - Klevjers.comPhishing by data URI Henning Klevjer henning@klevjers.com October 22, 2012 1 Abstract Historically, phishing web pages have been hosted by web servers

Phishing by data URI - Klevjers.comPhishing by data URI Henning Klevjer [email protected] October 22, 2012 1 Abstract Historically, phishing web pages have been hosted by web servers

Documents
Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust

Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust

Documents
G DATA INTERNET SECURITY FÜR ANDROID · Das Modul Web-Schutz schützt Sie vor Phishing-Attacken. Es blockt Phishing-Websites, Es blockt Phishing-Websites, so dass diese auf Ihrem

G DATA INTERNET SECURITY FÜR ANDROID · Das Modul Web-Schutz schützt Sie vor Phishing-Attacken. Es blockt Phishing-Websites, Es blockt Phishing-Websites, so dass diese auf Ihrem

Documents
Data Privacy and Cybersecurity for Tax Professionals · • Identify and protect high-risk data. • Recognize the signs of phishing, spear-phishing, ransomware, malware, and other

Data Privacy and Cybersecurity for Tax Professionals · • Identify and protect high-risk data. • Recognize the signs of phishing, spear-phishing, ransomware, malware, and other

Documents
Sensitive Data? Now That's a Catch! the Psychology of Phishing

Sensitive Data? Now That's a Catch! the Psychology of Phishing

Documents
Improving information management and interoperability for ... · Linked Data / Semantic Web gantry coordinates has location subject object predicate (URI) (URI) (URI) RDF Triple Rules

Improving information management and interoperability for ... · Linked Data / Semantic Web gantry coordinates has location subject object predicate (URI) (URI) (URI) RDF Triple Rules

Documents
Phishing and Anti-Phishing

Phishing and Anti-Phishing

Spiritual
Phishing awareness from ramsac€¦ · Phishing is on the rise Spotting a phishing email is an important skill to master because phishing accounts for 90% of data breaches. And once

Phishing awareness from ramsac€¦ · Phishing is on the rise Spotting a phishing email is an important skill to master because phishing accounts for 90% of data breaches. And once

Documents
Vlaamse URI-standaard voor data · 2020. 11. 3. · Informatie Vlaanderen /// 6 /// 17 29.03.17 /// Vlaamse URI-standaard voor data 2 SCOPE De in dit document opgegeven vormregels

Vlaamse URI-standaard voor data · 2020. 11. 3. · Informatie Vlaanderen /// 6 /// 17 29.03.17 /// Vlaamse URI-standaard voor data 2 SCOPE De in dit document opgegeven vormregels

Documents
AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails

Documents
SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear

SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear

Documents
Detecting a Phishing Attack with Phishing Intelligence ... · Detecting a Phishing Attack with Phishing Intelligence Engine (PIE) 1 Phishing Statistics: What Every Business Needs

Detecting a Phishing Attack with Phishing Intelligence ... · Detecting a Phishing Attack with Phishing Intelligence Engine (PIE) 1 Phishing Statistics: What Every Business Needs

Documents
Be Careful What You Wish For · Data Breach – Types Hacking Phishing/spear phishing Brute force attack SQL injection Advanced Persistent Threat (APT) Data theft or loss Media stolen

Be Careful What You Wish For · Data Breach – Types Hacking Phishing/spear phishing Brute force attack SQL injection Advanced Persistent Threat (APT) Data theft or loss Media stolen

Documents
Data Structures Haim Kaplan & Uri Zwick December 2013 Binary Heaps 1

Data Structures Haim Kaplan & Uri Zwick December 2013 Binary Heaps 1

Documents
Linked Data Patterns-URI Patterning Models

Linked Data Patterns-URI Patterning Models

Documents
TECHNICAL DATA SHEET URI TABS - Pulitostore.it

TECHNICAL DATA SHEET URI TABS - Pulitostore.it

Documents
Phishing - Fred 151 · 2020-03-21 · di Phishing. 2 Identificare Come riconoscere il Phishing. Cosa fare se siamo vittime di Phishing 3 Esempi Esempi di email di Phishing. 4 Test

Phishing - Fred 151 · 2020-03-21 · di Phishing. 2 Identificare Come riconoscere il Phishing. Cosa fare se siamo vittime di Phishing 3 Esempi Esempi di email di Phishing. 4 Test

Documents
Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Documents
Pwning, Phishing, Clickjacking: Risks to Data Security...3 "Pwning, Phishing, Clickjacking: Risks to Data Security" © Enclave Security 2019 2018’s Biggest Data Breaches •Facebook

Pwning, Phishing, Clickjacking: Risks to Data Security...3 "Pwning, Phishing, Clickjacking: Risks to Data Security" © Enclave Security 2019 2018’s Biggest Data Breaches •Facebook

Documents
G DATA Software · Das Modul Web-Schutz schützt Sie vor Phishing-Attacken. Es blockt Phishing-Websites, Es blockt Phishing-Websites, so dass diese auf Ihrem Android-Browser und auf

G DATA Software · Das Modul Web-Schutz schützt Sie vor Phishing-Attacken. Es blockt Phishing-Websites, Es blockt Phishing-Websites, so dass diese auf Ihrem Android-Browser und auf

Documents
URI Identity Management for Semantic Web Data Integration and Linkage

URI Identity Management for Semantic Web Data Integration and Linkage

Documents
A Proactive Anti-Phishing Tool Using Fuzzy Logic …onlinepresent.org/proceedings/vol4_2012/47.pdfA Proactive Anti-Phishing Tool Using Fuzzy Logic and RIPPER Data Mining Classification

A Proactive Anti-Phishing Tool Using Fuzzy Logic …onlinepresent.org/proceedings/vol4_2012/47.pdfA Proactive Anti-Phishing Tool Using Fuzzy Logic and RIPPER Data Mining Classification

Documents
Data sheet AntiFraud Protect your brand from phishing and malware … · 2020-07-16 · Protect your brand from phishing and malware attacks Data sheet | AntiFraud Overview For brand

Data sheet AntiFraud Protect your brand from phishing and malware … · 2020-07-16 · Protect your brand from phishing and malware attacks Data sheet | AntiFraud Overview For brand

Documents
What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

Services
Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Documents