Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Phishing With Data URI
1.
2. DATA URI
• The data URI scheme is a URI scheme (Uniform
Resource Identifier scheme) that provides a way to
include data in-line in web pages as if they were external
resources.
• MORE INFO :
http://en.wikipedia.org/wiki/Data_URI_scheme
3. PHISHING OLD METHOD
Logs.txt
FAKE URL login.php Username: poorguy@gmail.com
Password: strong p@ssw0rd
All these are hosted under a website
4. Phishing with Data URI
Hyperlink mailer.php
/ Redirect
This fake page is not
hosted Mails the hacker the stolen
anywhere. Its made up of username and password.
DATA URI, Base64
encoded data
5. Modified source code Base64 encoded
Source code
Modification: send the username and password
logged to a php file which may mail/logs it.
6. DATA URI PHISHING
data:text/html;base64, PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=
Spreading
<script>
window.location =
"data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4="
</script>
7. • Difficult to inject JavaScript in websites.
• Internet Explorer won’t support Data URI
Limitations