

Chapter 10

Figure 10-3: Credential harvester report


In a tabnabbing scenario, a target is caught while accessing a website with multiple tabs open. When the target clicks a link, he is presented with a “Please wait while the page loads” message. When the target switches tabs, the website detects that a different tab has focus and rewrites the web page that presented the “Please wait . . . ” message with a website you specify.

Eventually, the target clicks the tabnabbed tab, and, believing he is being asked to sign in to his email program or business application, he enters his credentials into the malicious look-alike site. The credentials are harvested, and the target is redirected to the original website. You can access the tabnabbing attack vector through SET’s web attack vector interface.



The man-left-in-the-middle attack uses HTTP referers on an already compromised site or a cross-site scripting (XSS) vulnerability to pass the target’s credentials back to the HTTP server. If you find an XSS vulnerability and send the URL to the target, who then clicks the link, the website will operate normally, but when the target logs into the system, his credentials are passed to the attacker. The man-left-in-the-middle attack vector can be accessed through SET’s web attack vector interface.
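From the defender's side, the two things that blunt this vector are a Referrer-Policy that keeps credential-bearing URLs out of the Referer header and a Content-Security-Policy that limits where an injected script can post form data. The following is an added example, not part of the book or of SET, that audits a site's response headers for those mitigations; the two header sets at the bottom are constructed samples.

```python
"""Audit HTTP response headers for mitigations against credential leakage
via the Referer header or via a script injected through XSS."""

# Referrer-Policy values that never send the full URL to another origin.
SAFE_REFERRER_POLICIES = {
    "no-referrer",
    "same-origin",
    "origin",
    "strict-origin",
    "origin-when-cross-origin",
    "strict-origin-when-cross-origin",
}


def parse_csp(value: str) -> dict:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}

    policy = lowered.get("referrer-policy", "").strip().lower()
    if policy not in SAFE_REFERRER_POLICIES:
        findings.append("Referrer-Policy missing or leaks the full URL cross-origin")

    csp = parse_csp(lowered.get("content-security-policy", ""))
    for directive in ("form-action", "connect-src"):
        sources = csp.get(directive)
        # connect-src falls back to default-src; form-action does not.
        if sources is None and directive == "connect-src":
            sources = csp.get("default-src")
        if not sources or "*" in sources:
            findings.append(f"CSP {directive} absent or wildcard: injected script can send credentials anywhere")

    if "script-src" not in csp and "default-src" not in csp:
        findings.append("CSP does not restrict script sources: reflected XSS runs unimpeded")
    return findings


# Constructed sample header sets: a bare response and a hardened one.
WEAK_HEADERS = {"Content-Type": "text/html"}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; form-action 'self'; connect-src 'self'",
}
```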