TabNabber with Social-Engineer Toolkit v0.6

The Social-Engineer Toolkit (SET) has been updated to perform “TabNabbing” attacks.

As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: a user has multiple tabs open and surfs to a site that uses special JavaScript code to silently alter the contents of a tabbed page, along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.

An attacker now just needs a copy of SET to automate the entire process — replicate a website and then get a victim to access the decoy by manipulation of browser tabs.

This video shows a successful attack using Google mail as the decoy.

Social-Engineer Toolkit (SET) v0.6 – Coming soon… from David Kennedy on Vimeo.
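From the defender's side, the behaviour Raskin describes leaves a trace: the tab's title, icon and content change while the user is not looking at it. The sketch below is an added example, not code from SET or from the original post. It compares a snapshot taken when a tab is hidden with one taken when it is shown again; the function names, snapshot fields, verdict labels and sample values are all assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical. A snapshot is what a content
// script could record from the DOM on `visibilitychange`: once when the tab is
// hidden, once when it is shown again. Plain objects keep the logic testable.

function originOf(url, base) {
  try {
    return new URL(url, base).origin;
  } catch (e) {
    return null; // unparsable URL
  }
}

// Returns { verdict, findings } describing what changed while the tab was hidden.
function assessTabChange(before, after) {
  const findings = [];
  if (before.title !== after.title) findings.push('title-changed');
  if (before.favicon !== after.favicon) findings.push('favicon-changed');
  if (!before.hasPasswordField && after.hasPasswordField) {
    findings.push('password-field-appeared');
  }
  // A form that posts to another origin than the page itself is worth reporting.
  const pageOrigin = originOf(after.url);
  const actions = after.formActions || [];
  if (actions.some((a) => originOf(a, after.url) !== pageOrigin)) {
    findings.push('cross-origin-form-action');
  }

  const rebranded = findings.includes('title-changed') ||
                    findings.includes('favicon-changed');
  const newLogin = findings.includes('password-field-appeared');
  let verdict = 'ok'; // e.g. a webmail tab updating its unread counter
  if (newLogin && rebranded) verdict = 'alert'; // tab now poses as a login page
  else if (newLogin || findings.length >= 2) verdict = 'review';
  return { verdict, findings };
}

// Constructed sample snapshots (not captured from any real site).
const articleHidden = { url: 'https://blog.example/post', title: 'Ten tips',
  favicon: '/favicon.ico', hasPasswordField: false, formActions: [] };
const articleShown = { url: 'https://blog.example/post', title: 'Sign in',
  favicon: 'https://cdn.example/mail.ico', hasPasswordField: true,
  formActions: ['https://collect.example/login'] };
const mailHidden = { url: 'https://mail.example/', title: 'Inbox',
  favicon: '/m.ico', hasPasswordField: false, formActions: [] };
const mailShown = Object.assign({}, mailHidden, { title: 'Inbox (1)' });

console.log(assessTabChange(articleHidden, articleShown));
console.log(assessTabChange(mailHidden, mailShown));
```

A title change on its own is treated as benign because many legitimate pages update their title in the background; the alert is reserved for a login field appearing together with a changed title or icon.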
