Web Browser Attack: TabNapping

We are living in the jungle of the web, and we use different web browsers to view websites. New browser vulnerabilities arise every day, and you have to be aware of these new attacks to protect your infrastructure.

As you know, in phishing the attacker sends a URL to the victim, and the victim has to click the URL to reach the phishing page. This has changed: a new term, tabnapping, has emerged. Tabnapping is a web browser attack and a new form of phishing in which the victim is not required to click any URL.


In this attack, one of your browser tabs is replaced with another page without your knowledge or permission. For example, a website you have open in one of your browser tabs is automatically replaced with a phishing site, and a normal user does not look at the URL.

Instead of explaining everything here in text, I want to share a video demonstration of tabnapping.






Is the owner and admin of a particular website responsible for this attack? I think not: an attacker can find a bug on any website, such as cross-site scripting, and then inject their own script to perform a tabnapping attack.

Protection
  • Do not log in on any tab that you did not open yourself.
  • Look at the URL before logging in to any website.
  • If you find anything suspicious, close the tab and open a new one.
  • Update your browser.
  • Do not open many tabs while you are working on secure or important websites.
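
The advice to look at the URL before logging in can be made exact by parsing the tab's URL and comparing its origin with the one you expect, rather than checking whether a familiar name appears somewhere in the address. The following is an added example, not code from the original post; the function name `checkLoginUrl`, the trusted origin and all sample URLs are constructed for illustration.

```javascript
// Added example: strict check of a tab's URL before entering credentials.
// Assumption: the only legitimate login origin is the constructed value below.
const TRUSTED_LOGIN_ORIGINS = new Set(["https://mail.example.com"]);

function checkLoginUrl(rawUrl, trusted = TRUSTED_LOGIN_ORIGINS) {
  let url;
  try {
    url = new URL(rawUrl); // parse instead of substring-matching the address
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://trusted-name@other-host/" shows the trusted name first,
  // but the browser connects to other-host.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo in URL hides the real host" };
  }
  // The exact-origin test below would reject these anyway; this check only
  // gives a clearer reason for internationalized lookalike hostnames.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode hostname, possible lookalike" };
  }
  // Origin = scheme + host + port, so subdomain tricks and odd ports fail here.
  if (!trusted.has(url.origin)) {
    return { ok: false, reason: `origin ${url.origin} is not trusted` };
  }
  return { ok: true, reason: "exact origin match" };
}

// Constructed sample URLs of the kind a replaced tab might show.
const sampleTabUrls = [
  "https://mail.example.com/login",
  "https://mail.example.com.evil.test/login",
  "https://mail.example.com@login.evil.test/",
  "http://mail.example.com/login",
  "https://mail.ex\u0430mple.com/login", // Cyrillic "a" in the hostname
];

for (const u of sampleTabUrls) {
  const { ok, reason } = checkLoginUrl(u);
  console.log(`${ok ? "OK    " : "REJECT"} ${u} (${reason})`);
}
```
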


Ehacking Staff