Friday, June 1, 2018

How to Write a (Java) Burp Suite Extension for Tabnabbing Attacks

Context and Goal

The goal of this article is to explain how to create an extension for the Burp Suite Professional, taking as implementation example the “Reverse Tabnabbing” attack.

“Reverse Tabnabbing” is an attack where an (evil) page linked from the (victim) target page is able to rewrite that page. For example, a victim's site could be replaced by a phishing site. The cause of this attack is the capacity of a new opened page to act on parent page’s content or location.



from DZone.com Feed https://ift.tt/2LaO1LZ

No comments:

Post a Comment