Archive for the Phishing Category

Trying my hand at tabnabbing

Posted June 19, 2010 at 10:59 pm in Phishing, Privacy

I recently learned about tabnabbing/tabgrabbing and decided to give it a try for myself. If you are unaware of what tabnabbing/tabgrabbing is, then I suggest you point your browser to http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ for more detailed information regarding the attack.

The idea behind this attack is to deceive the user into believing they have left open a browser tab that has expired credentials, in the hope that they’ll attempt to reauthenticate themselves so we’re able to steal their credentials. It’s important to note that the user must not have an expired session or have logged out from the site we are attempting to steal credentials from. The gist of this attack is that the user submits their credentials, we steal them, and then redirect them to the site they were attempting to access in the first place. In order to do this we’ll need someplace to store these valuable credentials, so the first thing I did was set up a MySQL database to house them.
