Web Browser Attack-TabNapping

We are living in the jungle of web, we have different web-browser to view internet websites. Different vulnerability on browser’s arising every day and you have to be aware these new attack to protect your infrastructure.

As you know in the phishing attacker send a URL to the victim and victim has to click on URL to go on phishing page, now the thing is change a new term has been discovered that is TabNapping, tabnapping is a web-browser attack and the new way of phishing attack in which victim not require to click any URL.


In this attack one of you browser tab replace with another page without your knowledge and permission, for example in one of your browser tab you have opened any website it will automatically replaced with the phishing side and the normal user’s does not look to the URL.

Instead of explain all the stuff here on text format i want to share a video demonstration of tabnapping.






Is this the owner and admin of a particular website responsible for this attack? i think no an attacker can find any bug on any website like a cross site scripting and after this an attacker can enter their script to perform Tabnapping attack.

Protection
  • Do not login on any tab, that you have not open it by yourself.
  • Look around the URL before login to any website.
  • If you find any suspicious than close the tab and open new one.
  • Update your browser.
  • Do not open many tab while you are working on your secure website or important websites.


Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...