stanni
Posted February 20, 2009

Hey guys,

I just thought of a neat way to capture passwords of people from websites. Here is how it goes...

Ok, so in this example we will get passwords of people on a forum.

First off, register a domain that is similar to that of the website you want to attack.

Create a post on the website we want to attack telling people to go to "www.something-interesting.com".

Then create a page to go onto the website you just registered that is an iFrame at 100% x 100% with a little bit of php code that does this:

******************
If the user is coming from the domain "www.website-we-are-attacking.com" then send them to www.something-interesting.com
OR
If the user is coming from www.something-interesting.com do nothing and let the iFrame load.
******************

Ok, so here is how it works:

1. The user clicks the link to your website and it redirects them to the other website with something of interest on it.
2. The user then clicks the back button thinking they will get sent back to the forum website.
3. The user is now on our website. Also, what we do is make them log out by making the iFrame load "www.website-we-are-attacking.com/logout.php" or whatever it is for that particular website.
4. This is the clever part. What we need to do is capture their password when they log back in. First off, find out what the password input box's name is, most probably "password", then capture it with a bit of php and store it in a sql database. Also, you will want to capture the username as well so you know who the password belongs to :P

Please give your feedback on this. I hope it hasn’t been thought of before or I’m going to look stupid lol.

P.S. I have a perfect website in mind also that this would work on, as links don’t open up in a new page and to log out on their website it's www.their-domain.com/logout.php
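The post relies on two behaviours of the target site: its pages load inside an iFrame on another domain, and a plain GET to logout.php ends the session. The following Python check of both conditions is an added example, not part of the original post; the function names, header samples and token values are constructed for illustration.

```python
import hmac

def framing_restricted(headers):
    """True if the response forbids being framed by other origins."""
    h = {k.lower(): v for k, v in headers.items()}
    # An enforced CSP frame-ancestors directive makes browsers ignore
    # X-Frame-Options, so it is evaluated first.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {p.lower() for p in parts[1:]}
            # An empty source list behaves like 'none'.
            return sources <= {"'none'", "'self'"}
    return h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")

def logout_permitted(method, session_token, submitted_token):
    """Allow logout only on POST carrying the session's anti-CSRF token,
    so a framed or linked GET to the logout URL changes nothing."""
    if method.upper() != "POST":
        return False
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token.encode(), submitted_token.encode())

if __name__ == "__main__":
    # Constructed response headers for three site configurations.
    samples = {
        "no framing header": {"Content-Type": "text/html"},
        "X-Frame-Options": {"X-Frame-Options": "SAMEORIGIN"},
        "CSP frame-ancestors": {
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"
        },
    }
    for name, hdrs in samples.items():
        state = "restricted" if framing_restricted(hdrs) else "frameable"
        print(f"{name}: {state}")
    print("GET logout honoured:", logout_permitted("GET", "t0k3n", ""))
    print("POST logout with token honoured:",
          logout_permitted("POST", "t0k3n", "t0k3n"))
```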