Tabnabbing
Summary
Tabnabbing occurs when a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. Because the user was originally on the correct page, they are less likely to notice that it has been changed to a phishing site, especially if the site looks the same as the target. If the user authenticates to this new page, their credentials (or other sensitive data) are sent to the phishing site rather than the legitimate one.
The attacker searches for links that are inserted into the website and are under his control. Such links may be contained in a forum post, for example. Once he has found this kind of functionality, he checks that the link's rel attribute does not contain the value noopener and that the target attribute contains the value _blank. If this is the case, the website is vulnerable to tabnabbing.
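The same rel/target check can be run defensively over a site's own rendered HTML to find links that need fixing. The following is an added example, not part of the original page: the sample markup, the names LinkAuditor and audit, and the treatment of noreferrer as equivalent to noopener (which the HTML standard defines) are assumptions of the example.

```python
from html.parser import HTMLParser

# Constructed sample markup (not from the original page).
SAMPLE_HTML = """
<a href="https://example.org/a" target="_blank">no rel</a>
<a href="https://example.org/b" target="_blank" rel="noopener">safe</a>
<a href="https://example.org/c" target="_BLANK" rel="nofollow external">rel set</a>
<a href="https://example.org/d" target="_blank" rel="NoReferrer">noreferrer</a>
<a href="/internal">same tab</a>
<area href="https://example.org/e" target="_blank">
"""

# rel tokens that stop the opened page from receiving window.opener.
# "noopener" is the value the page names; "noreferrer" is added here
# because the HTML standard defines it as implying noopener.
SEVERING_TOKENS = {"noopener", "noreferrer"}


class LinkAuditor(HTMLParser):
    """Collects links that open a new tab without severing window.opener."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        # Attribute names arrive lowercased; valueless attributes are None.
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("target", "").strip().lower() != "_blank":
            return
        rel_tokens = set(attr.get("rel", "").lower().split())
        if rel_tokens & SEVERING_TOKENS:
            return
        line, _col = self.getpos()
        self.findings.append((line, attr.get("href", "")))


def audit(html):
    """Return [(line, href), ...] for links matching the vulnerable pattern."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for line, href in audit(SAMPLE_HTML):
        print(f"line {line}: {href} opens _blank without rel=noopener")
```

Each finding is fixed by adding noopener to the link's rel attribute, which is most reliably done in the template or sanitizer that renders user-supplied links.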
Attack