<<< Date Index >>>     <<< Thread Index >>>

SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition




We wrap this up with a full-on ssl site spoof. It seems limited 
how far you can 'shove' the real domain out of the way, but just 
enough to make it convincing so we adapt the window to 'cover' 
it up. Interestingly [with apologies to e-gold for playing with 
their site], they have a secured connection [ignore the warning] 
which gives us our https, our little golden 'safe' padlock and 
most interestingly, all the links inside the site function and 
show the spoofed address:

 
http://www.malware.com/gutted.html

couple all that with the absurd ability to trick Internet 
Explorer into believing it is in a 'trusted zone' by inserting 
whatever gibberish you want into the fake link regardless of the 
actual domain, and you have the catch of the day.

Big thanks to Drew Copley for whacking the sucker on the head,  
Brett Moore for correctly pointing out that it can be achieved 
without the 'redir' thing as well being able to stuff it with 
anything else you want and expedition leader: 'bitlance winter' 
who sighted it, tracked it, snagged it and reeled it in.

End Call

-- 
http://www.malware.com