Feross Aboukhadijeh (developer of www.ytinstant.com) developed a phishing concept using the HTML 5 Fullscreen API.
Credit: http://feross.org
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. (http://en.wikipedia.org/wiki/Phishing)
Many people associate phishing with e-mail messages that mimic banks and credit card companies.
These messages look authentic and attempt to get victims' personal information.
HTML 5 Full Screen API
The HTML 5 Fullscreen API allows developers to show web content that fills the user's screen completely, e.g. watching a fullscreen video on YouTube.
Feross explains how this API works by hiding the interface elements of the user's browser.
Most browsers have user-triggerable full-screen functionality. The HTML5 Fullscreen API differs from this: it allows the web developer to access the same functionality and trigger it programmatically.
E.g.: elementToMakeFullscreen.requestFullscreen();
A developer can trigger full screen when the user clicks on a link or button.
E.g.: trigger full screen using jQuery
$('#button').on('click', function() {
  var doc = document.documentElement;
  if (doc.requestFullscreen) {
    doc.requestFullscreen();
  }
});
Browser Notification
Apple's Safari browser, version 6.01 and later, gives little to no sign that full-screen mode has been activated.
Google Chrome, version 22 and later, shows some notice.
Mozilla Firefox, version 10 and later, alerts the user with a conspicuous notification.
Phishing Using FullScreen Api
Look at the link given below:
kerala-techies.blogspot.com
The user can check the link, which will show www.kerala-techies.blogspot.com as expected, so it looks fine. But when you click on the link, the developer (hacker) can call event.preventDefault() to prevent the default action, i.e. navigating to the link, and can instead trigger fullscreen, mimic the browser and OS, and go to the fake page. This fake page looks the same as the original, with a green padlock for HTTPS.
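A defensive heuristic for the pattern described above, as an added example that is not part of the original post or of Feross's code: it flags a fullscreen entry that closely follows a click on a link whose navigation was cancelled. The function names, the one-second window and the report callback are assumptions.

```javascript
// Added example, not from the original post. Names and the window are assumptions.
const CLICK_WINDOW_MS = 1000;

// click: { time, onLink, defaultPrevented } or null; entry: { time, tag }.
function scoreFullscreenEntry(click, entry) {
  const reasons = [];
  const tag = String(entry.tag).toUpperCase();
  // Normal use puts a <video> or player element fullscreen, not the whole page.
  if (tag === 'HTML' || tag === 'BODY') reasons.push('whole-page-fullscreen');
  const delta = click ? entry.time - click.time : NaN;
  if (delta >= 0 && delta <= CLICK_WINDOW_MS && click.onLink) {
    reasons.push('follows-link-click');
    // The link displayed a destination, but the page cancelled the navigation.
    if (click.defaultPrevented) reasons.push('navigation-cancelled');
  }
  return { suspicious: reasons.length >= 2, reasons };
}

// Browser wiring: `doc` is the page's document, `report` a callback you supply.
function installMonitor(doc, report) {
  let last = null;
  // Capture phase, so stopPropagation() in the page's handler cannot hide the click.
  doc.addEventListener('click', (e) => {
    const link = e.target && e.target.closest ? e.target.closest('a[href]') : null;
    last = { event: e, time: e.timeStamp, href: link ? link.href : null };
  }, true);
  doc.addEventListener('fullscreenchange', (e) => {
    const el = doc.fullscreenElement;
    if (!el) return; // leaving fullscreen, nothing to score
    // defaultPrevented is read now, after the page's own click handlers have run.
    const click = last && {
      time: last.time,
      onLink: last.href !== null,
      defaultPrevented: last.event.defaultPrevented,
    };
    const verdict = scoreFullscreenEntry(click, { time: e.timeStamp, tag: el.tagName });
    if (verdict.suspicious) report({ ...verdict, href: last ? last.href : null });
  });
}

if (typeof document !== 'undefined') {
  installMonitor(document, (v) => console.warn('Possible fullscreen spoofing:', v));
}
```

This is a heuristic: a page that uses an anchor as a player button and cancels its navigation will also be flagged, so treat a report as a prompt to review rather than a verdict.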
Full Source Code
Credit: http://feross.org
DEMO
The content of "Phishing Attacks Using the HTML5 Fullscreen API" on Kerala Techies has been taken from various sources and the analysis of our team. This information is provided by Kerala Techies.