Quote:
Originally Posted by k0nr4d
Guys I just figured out how this website cloning shit is being done. It's pretty sneaky and creative. I realized it just now when a client had this issue. Will write up a post about how it's done and how to block as soon as I figure it out. It's not gonna be easy to block...
See what you can figure out. This can be used maliciously for phishing too.
Fake sites stealing passwords and the like.
One of my banks uses Strict-Transport-Security and TLS (https).
However =>
https://en.wikipedia.org/wiki/3-D_Se..._site_identity
Even an https iframe in another https site will not throw warnings or alerts in browsers.
I looked at all the sites framed and they were all http, so https is a dead end for this.
https://stackoverflow.com/questions/...fferent-domain
view-source:
http://odir.us/js/full.js