Skip to content

GabsJahBless/discovering-reversetabnabbing

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 

Repository files navigation

Discovering Reverse Tabnabbing

Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example, to replace it with a phishing site. As the user was originally on the correct page they are less likely to notice that it has been changed to a phishing site. If the user authenticates to this new page, then their credentials (or other sensitive data) are sent to the phishing site rather than the legitimate one. Because of this I created the Discovering Reverse Tabnabbing, that is a Burp extension written in Python which helps to locate HTML links that use the target="_blank" attribute, omitting the rel="noopener" attribute.

Usage

1. Download the "Standalone Jar" version of Jython clicking here
2. Open the Burp Suite tool
3. Go to tab Extender -> Options
4. At Python Environment select the Jython file downloaded on step 1
5. After, go to Extender -> BApp Store and search for Discover Reverse Tabnabbing extension name
6. Click on and install it

Now, when initiating a Passive or Active Scan, issues related to this vulnerability will appear on the Dashboard tab. Please, give it a rate :)

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages