* THIS IS ONLY A EXAMPLE OF DARA URL *
How To Create Phishing Site Without Any Webhost Using Dara URI
Hello, BTS readers, it has been long time since i blogged in this blog.
Today i come across interesting news update which share new technique
used in the Phishing attack.
Phishing is one of the popular social engineering attack used by Cybercriminals. In this method, hackers host a fake webpage which looks similar to the original page of the website.
Then, hackers lure users to the phishing page by tricking them with legitimate-looking mails. If user enter the login data in the phishing page, the info will be stored in hackers database. At the end, users will be redirected to original website so that users won't realize that they are under attack.
From the above , it is clear that Cybercriminals need a webhosting for hosting their phishing page. But the recent research shows that hosting site is no longer needed.
Henning Klevjer, an information security student at the University of Oslo in Norway, shows how a hacker can create phishing page using Data URI.
What is Data URI?
Data URLs are a Uniform Resource Identifier scheme that allow you to include data items inline in a web page as if they were being referenced as external resources. Data URLs are a form of Uniform Resource Locators, although they do not in fact remotely locate anything. Instead, the resource data is contained within the URL string itself . This saves the browser from having to make additional HTTP requests for the external resources, and can thus increase page loading speed.
For Eg:
The above code will display the following image in the page.Phishing is one of the popular social engineering attack used by Cybercriminals. In this method, hackers host a fake webpage which looks similar to the original page of the website.
Then, hackers lure users to the phishing page by tricking them with legitimate-looking mails. If user enter the login data in the phishing page, the info will be stored in hackers database. At the end, users will be redirected to original website so that users won't realize that they are under attack.
From the above , it is clear that Cybercriminals need a webhosting for hosting their phishing page. But the recent research shows that hosting site is no longer needed.
Henning Klevjer, an information security student at the University of Oslo in Norway, shows how a hacker can create phishing page using Data URI.
What is Data URI?
Data URLs are a Uniform Resource Identifier scheme that allow you to include data items inline in a web page as if they were being referenced as external resources. Data URLs are a form of Uniform Resource Locators, although they do not in fact remotely locate anything. Instead, the resource data is contained within the URL string itself . This saves the browser from having to make additional HTTP requests for the external resources, and can thus increase page loading speed.
For Eg:
<img src='data:image/gif;base64,R0lGODlhyAAyAIABAAAAAP///yH+EUNyZWF0ZWQgd2l0aCBHSU1QACH5BAEKAAEALAsADgC9ACQAAAL+jI+py+0Po5y02ouz3rz7D4biSJZmBqSoerZMCpDwHLsBvND6gWt6bXP0DEPfD3gq8o6sW/NyDD6KSgz1WaomtFqJEimNdCtXJK6Mdc62z3KOxV0vwS852z3P9/Y/9V3YFkhDFEW4k2f4p8CEwKhG11j4aIc3CXd5ODRmeDgHptlkBlpTFYcJNMppiujHw9r6qJgYiZp21/cKO7sYqrLKK0qKNWqn6zdWWSoou6lLOcxU29kpS2ttOUhL3Ie8vPuqHNNsnKrN7WhZB4kXvb690x2c65x2ZlsN+3VPL238DY6JQrk3kL4NBOjOiRhB/fD56gXxnz9+uXwBu7bEoCd0TvMqmVsoyV80bAP1uZOnahC6lHJCogtn7tM4kjIL4pp10CPCW+9sUpt0MV89aCbDGD2KVOC+pEybBlnqNKpUEMWmWr3aYSbWrVy7ev0KNqzYsWTLmj2LNq3atWzbun0LN67cuXTr2r2LN6/evXz7+v1btwAAOw==' alt='BTS_Image'/>
For Eg:
Pasting the following code in the browser address bar will load the image directly.
data:image/gif;base64,R0lGODlhyAAyAIABAAAAAP///yH+EUNyZWF0ZWQgd2l0aCBHSU1QACH5BAEKAAEALAsADgC9ACQAAAL+jI+py+0Po5y02ouz3rz7D4biSJZmBqSoerZMCpDwHLsBvND6gWt6bXP0DEPfD3gq8o6sW/NyDD6KSgz1WaomtFqJEimNdCtXJK6Mdc62z3KOxV0vwS852z3P9/Y/9V3YFkhDFEW4k2f4p8CEwKhG11j4aIc3CXd5ODRmeDgHptlkBlpTFYcJNMppiujHw9r6qJgYiZp21/cKO7sYqrLKK0qKNWqn6zdWWSoou6lLOcxU29kpS2ttOUhL3Ie8vPuqHNNsnKrN7WhZB4kXvb690x2c65x2ZlsN+3VPL238DY6JQrk3kL4NBOjOiRhB/fD56gXxnz9+uXwBu7bEoCd0TvMqmVsoyV80bAP1uZOnahC6lHJCogtn7tM4kjIL4pp10CPCW+9sUpt0MV89aCbDGD2KVOC+pEybBlnqNKpUEMWmWr3aYSbWrVy7ev0KNqzYsWTLmj2LNq3atWzbun0LN67cuXTr2r2LN6/evXz7+v1btwAAOw==Not only Image, you can load text, html and other supported formats. You got my point?! Yes, Cyber Criminals are able to load the entire phishing page using the data URI method.
The simplified version Data URI example(without base64 encoding):
data:text/html, <h1>BreakTheSecurity</h1>Entering the above Data url in browser address bar will display the "BreakTheSecurity" text in the h1 format.
Data URIs follow this scheme:
data:[<mediatype>][;base64],<data>Here, <mediatype> are one of the MIME media types described in RFC 2046[1]. Base64 encoding is optional.
How an attacker can use it for creating phishing page?
This section is not suitable for the one who doesn't know how to create normal phishing page.
Step 1:
Copy the source code from the original site(right click and select 'view page source')
Step 2:
Modify the code such that transfer user credentials to another location.
step 3:
Now encode the source code with base 64.
step 4:
Once you got the encoded code, create data uri by following the above scheme.
For Example
data:text/html;base64, encoded_code_goes_hereAlternatively you can use the site for creating the data URI:
http://software.hixie.ch/utilities/cgi/data/data
As the data url is too long, hackers will use the url shortening service. But google chrome shows warning whenever redirected from url shortening service to data url.
Post a Comment