Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/GabsJahBless/discovering-reversetabnabbing
https://github.com/GabsJahBless/discovering-reversetabnabbing
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/GabsJahBless/discovering-reversetabnabbing
- Owner: GabsJahBless
- Created: 2019-10-09T18:54:33.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2019-12-06T13:55:51.000Z (almost 5 years ago)
- Last Synced: 2024-04-07T06:32:43.881Z (7 months ago)
- Language: Python
- Size: 16.6 KB
- Stars: 6
- Watchers: 1
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Discovering Reverse Tabnabbing
*Reverse tabnabbing* is an attack where a page linked from the target page is able to rewrite that page, for example, to replace it with a phishing site. As the user was originally on the correct page they are less likely to notice that it has been changed to a phishing site. If the user authenticates to this new page, then their credentials (or other sensitive data) are sent to the phishing site rather than the legitimate one.
Because of this I created the *Discovering Reverse Tabnabbing*, that is a Burp extension written in Python which helps to locate HTML links that use the target="_blank" attribute, omitting the rel="noopener" attribute.
## Usage
**1.** Download the "Standalone Jar" version of Jython clicking here
**2.** Open the Burp Suite tool
**3.** Go to tab *Extender* -> *Options*
**4.** At *Python Environment* select the *Jython* file downloaded on **step 1**
**5.** After, go to *Extender* -> *BApp Store* and search for *Discover Reverse Tabnabbing* extension name
**6.** Click on and install it
Now, when initiating a Passive or Active Scan, issues related to this vulnerability will appear on the *Dashboard* tab.
Please, give it a rate :)