
What TabNapping is and how it works

In this article, we’ll take a look at a form of phishing attack called TabNapping, a phrase coined in 2010 by Aza Raskin, a leading security researcher. This type of attack, whilst not widely known, is becoming more commonly used as an attack vector by threat actors. TabNapping is a variation of phishing attacks, which are traditionally delivered via email and exploited when the victim clicks on malicious links.

Modern web browsers allow a tab to be rewritten after a web page has loaded, which gives attackers a vector to compromise the victim. The Same-Origin Policy is a security mechanism intended to limit the ability of a website to interact with resources outside the source domain. However, this can be too restrictive, so various methods have been implemented to bypass its constraints. The TabNapping attack takes advantage of Cross-Origin Resource Sharing (CORS), which I recently wrote about.

As a controlled mitigation, CORS is used by websites to allow access for subdomains and trusted third parties. It must be implemented carefully, as a misconfigured or insufficiently secured configuration can result in exploitable vulnerabilities. One such vulnerability is TabNapping, which relies upon a simple piece of JavaScript to detect if, or when, the user's focus has shifted to another browser tab or the tab has remained inactive for some time.
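A defensive check for the behaviour described above, as an added example that is not part of the original post: it records what a tab looked like when it lost focus and reports if the tab was rebranded into a login page by the time the user returns. It is assumed to run as a browser-extension content script; the function names and the three snapshot fields are hypothetical choices for illustration.

```javascript
// Added example (assumption: runs as an extension content script).
// Capture the cues a user relies on to recognise a tab.
function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// List what changed between the hidden-time and return-time snapshots.
function diffSnapshots(before, after) {
  const findings = [];
  if (before.title !== after.title) findings.push('title changed');
  if (before.favicon !== after.favicon) findings.push('favicon changed');
  if (!before.hasPasswordField && after.hasPasswordField) {
    findings.push('login form appeared');
  }
  return findings;
}

// A title change alone is common (unread counters), so only flag a tab
// that was rebranded AND gained a password prompt while in the background.
function isSuspicious(findings) {
  const rebranded = findings.includes('title changed') ||
                    findings.includes('favicon changed');
  return rebranded && findings.includes('login form appeared');
}

// Snapshot when the tab is hidden, compare when it becomes visible again.
function watchTab(doc, report) {
  let hiddenState = null;
  doc.addEventListener('visibilitychange', () => {
    if (doc.visibilityState === 'hidden') {
      hiddenState = snapshot(doc);
    } else if (hiddenState) {
      const findings = diffSnapshots(hiddenState, snapshot(doc));
      if (isSuspicious(findings)) report(findings);
      hiddenState = null;
    }
  });
}

if (typeof document !== 'undefined') {
  watchTab(document, (f) => console.warn('Tab changed while hidden:', f));
}
```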


The post What and how TabNapping work appeared first on PUPUWEB - Information Resource for Emerging Technology Trends and Cybersecurity.


