Web spoofing


Web Spoofing:

Allows an attacker to create a “shadow copy” of the entire World Wide Web.

The attacker creates a misleading context in order to trick the victim.

The attack is like a con game.

Online fraud.


STEPS INVOLVED:

URL Rewriting

Forms

“Secure” Connections


URL REWRITING:

The attacker’s first trick is to rewrite all of the URLs on some web page so that they point to the attacker’s server rather than the real server.

Once the attacker’s server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document into the same special form. Then the attacker’s server provides the rewritten page to the victim’s browser.

If the victim follows a link on the new page, the victim remains trapped in the attacker’s false web.


FORMS:

When the victim submits a form, the submitted data goes to the attacker’s server. The attacker’s server can observe and even modify the submitted data, doing whatever malicious editing desired, before passing it on to the real server.


Spoofing attacks in the physical world as well as the electronic world

In the physical world, for example, there have been several incidents in which criminals set up bogus automated teller machines. The criminals copy the victim’s card and use the duplicate.

In these attacks, people were fooled by the context of what they saw: the location of the machines and the appearance of their electronic displays.

People using computer systems often make security-relevant decisions based on contextual cues they see. For example, you might decide to type in your account number because you believe you are visiting your bank’s web page. This belief might arise because the page has a familiar look.


CONTEXT:

A browser presents many types of context that users might rely on to make decisions.

Appearance – the appearance of an object might convey a certain impression.

Name of Objects – people often deduce what is in a file by its name.

Timing of Events – if 2 things happen at the same time, the user might think they are related.


Consequences

Surveillance – the attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages. (This allows the attacker to observe any account numbers or passwords the victim enters.)

Tampering – the attacker can modify any of the data traveling in either direction between the victim and the Web. (For example, the attacker could change the product number, quantity or ship-to address.)


“SECURE” CONNECTIONS:

The victim’s browser says it has a secure connection because it does have one. Unfortunately, the secure connection is to the attacker’s server and not the place the victim thinks it is. The victim’s browser thinks everything is fine: it was told to […]. The secure connection indicator only gives the victim a false sense of security.


How does the Attack Work?

(Figure: message flow between the victim’s browser, www.attacker.org and www.server.com.)

1. Request spoof URL

2. Request real URL

3. Real page contents

4. Change page

5. Spoofed page


STARTING THE ATTACK:

The attacker must somehow lure the victim into the attacker’s false Web. There are several ways to do this.

An attacker could put a link to the false Web onto a popular Web page.

If the victim is using Web-enabled email, the attacker could email the victim a pointer to the false Web.

Finally, the attacker could trick a web search engine into indexing part of a false Web.


REMEDIES:

Follow a three-part strategy:

Disable JavaScript in your browser so the attacker will be unable to hide the evidence of the attack.

Make sure your browser’s location line is always visible.

Pay attention to the URLs displayed on your browser’s location line, making sure they always point to the server you think you’re connected to.
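The same URL check can be run over a page's links and form targets rather than only the location line. The following is an added example, not part of the original slides: it flags targets whose host is not the expected server but whose path or query carries the expected server's URL. It assumes the rewritten "special form" places the real URL after the rewriting server's host, which the slides do not spell out; the host names are the ones from the attack diagram and the sample page is constructed.

```javascript
// Constructed sample page, as a rewriting proxy might serve it.
// ASSUMPTION: the "special form" carries the real URL after the proxy's host.
const SAMPLE_PAGE = `
<a href="http://www.attacker.org/http://www.server.com/accounts">Accounts</a>
<a href="/http://www.server.com/help">Help</a>
<form action="http://www.attacker.org/http://www.server.com/login" method="post"></form>
<a href="http://www.server.com/about">About</a>`;

// Collect every link target and form target from the markup.
function extractTargets(html) {
  const re = /<(a|form)\b[^>]*?\b(?:href|action)\s*=\s*["']([^"']+)["']/gi;
  return [...html.matchAll(re)].map(m => ({ tag: m[1].toLowerCase(), raw: m[2] }));
}

// Return the host of an absolute URL nested in another URL's path or query.
function embeddedHost(url) {
  let rest = url.pathname + url.search;
  try { rest = decodeURIComponent(rest); } catch { /* keep raw text on bad escapes */ }
  const m = rest.match(/https?:\/\/?([a-z0-9.-]+)/i);
  return m ? m[1].toLowerCase() : null;
}

// Classify each target against the host the user believes they are visiting.
function auditPage(html, servedFrom, expectedHost) {
  return extractTargets(html).map(({ tag, raw }) => {
    let url;
    try { url = new URL(raw, servedFrom); } catch { return { tag, raw, verdict: "unparseable" }; }
    const host = url.hostname.toLowerCase();
    let verdict = "other-host";
    if (host === expectedHost) verdict = "ok";
    else if (embeddedHost(url) === expectedHost) verdict = "wrapped";
    return { tag, raw, host, verdict };
  });
}

// Roll the per-target verdicts up into what an analyst would triage on.
function summarize(results) {
  const wrapped = results.filter(r => r.verdict === "wrapped");
  return {
    total: results.length,
    wrapped: wrapped.length,
    wrappedForms: wrapped.filter(r => r.tag === "form").length,
    hosts: [...new Set(wrapped.map(r => r.host))],
  };
}

const report = summarize(
  auditPage(SAMPLE_PAGE, "http://www.attacker.org/http://www.server.com/", "www.server.com"));
console.log(report);
```

A "wrapped" form target is the case the FORMS slide describes: submitted data would go to the intermediate host before reaching the real server.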


Protecting yourself against e-mail or online fraud

Don’t take anything for granted.

Do not click on links you receive in an e-mail message asking for sensitive personal, financial or account information.

Call the company directly to confirm requests for updating or verifying personal or account information.

Do not share your IDs or pass codes with anyone.

Look for secure connections on Web sites.

Always sign off Web sites or secure areas of Web sites.

When your computer is not in use, shut it down or disconnect it from the Internet.


CONCLUSION

Use the technology in a proper way.

Do not encourage people to find such harmful technologies.


A. sai Kumar
