Skip to content
/ TabJack Public

❗ Implementation of an interesting Tab-Jacking phishing attack

License

MIT license
6 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

NullDev/TabJack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
img
img
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.html
index.html
 
 
main.css
main.css
 
 
tabjack.js
tabjack.js
 
 

Repository files navigation

TabJack

Implementation of an interesting Tab-Jacking / Tab-Nabbing phishing attack

Blog post by @aza (archived version, post was deleted):

https://web.archive.org/web/20191121174508/http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

Live Version:

https://nulldev.github.io/TabJack/

What happens:

  1. You open up a normal looking website.
  2. The script detects when the tab has lost focus and hasn’t been interacted with for a while.
  3. Replace all content with a real looking phishing site.
  4. As the victim scans their many open tabs, the favicon and title will lead them to think they left a Gmail tab open.
  5. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in.
  6. After the victim entered all details, redirect them to Gmail Because they were never logged out. It will appears as if the login was successful.

Disclaimer: This is solely for education purpose only. It is just a PoC (= Proof of Concept).

About

❗ Implementation of an interesting Tab-Jacking phishing attack

Topics

education google gmail phishing nulldev tabjack azarask

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages