3 Replies - 17539 Views - Last Post: 30 August 2006 - 06:01 AM

#1 Israel

Fight Spoofing with Javascript Injections

Posted 15 October 2005 - 12:08 AM

The following is a snippet of code that everyone should probably have in their back pocket these days, especially if you do a lot of online money transactions. The following JavaScript injection will reveal a true server name if the website you are looking at is being spoofed (hosted by someone other than the real site who probably wants to steal your money and/or identity). Just go to the page you need to check (e.g. when you go to your bank's site or feel questionable) and post this script in the address bar:

javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");



This should reveal what you previously had in the address bar and the true address that the site has. Don't worry if it differs by

http://www.thesite.c.../file.php019223. ( and )
http://www.thesite.com/

But if the server name or domain name differs, you are probably looking at a spoofed website.

Please use this information wisely.

Israel
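
Added example, not part of the original post: the same host comparison done programmatically against a host name you already trust, rather than by reading two strings in an alert box. The function name `checkHost`, its return fields and all sample URLs are assumptions constructed for illustration.

```javascript
// Added example. checkHost() and every URL below are constructed samples.
function checkHost(href, expectedHost) {
  let url;
  try {
    url = new URL(href); // standard URL parser; splits host from everything else
  } catch (e) {
    return { ok: false, host: null, secure: false, reason: "unparseable URL" };
  }
  // Lower-case and drop a trailing dot so "WWW.TheSite.com." equals "www.thesite.com".
  const norm = (h) => h.toLowerCase().replace(/\.$/, "");
  const host = norm(url.hostname);
  const want = norm(expectedHost);
  const secure = url.protocol === "https:";
  const result = (ok, reason) => ({ ok, host, secure, reason });

  // Only the path may differ; the host must be the expected one or below it.
  if (host === want) return result(true, "exact host match");
  if (host.endsWith("." + want)) return result(true, "subdomain of expected host");

  // Mismatch: report why the address text could still have looked right.
  if (url.username.toLowerCase().includes(want)) {
    return result(false, "expected name is in the credentials part, not the host");
  }
  if (host.includes(want)) {
    return result(false, "expected name is embedded in a different host");
  }
  return result(false, "different host");
}

// Constructed sample addresses, checked against the host the user expects.
const samples = [
  "http://www.thesite.com/account/file.php?id=1",
  "https://WWW.TheSite.com./",
  "http://www.thesite.com@203.0.113.7/login",
  "https://www.thesite.com.example.net/",
];
for (const s of samples) {
  const r = checkHost(s, "www.thesite.com");
  console.log(`${r.ok ? "OK      " : "MISMATCH"} ${r.host} (${r.reason})`);
}
```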


Replies To: Fight Spoofing with Javascript Injections

#2 Aaroniza

Re: Fight Spoofing with Javascript Injections

Posted 05 March 2006 - 09:45 AM

Wow, thanks, this is pretty cool!
Never knew you could put JavaScript code into the address bar. B)

#3 shrykanth

Re: Fight Spoofing with Javascript Injections

Posted 29 August 2006 - 07:20 PM

thanx........

#4 xof

Re: Fight Spoofing with Javascript Injections

Posted 30 August 2006 - 06:01 AM

Looks neat, thank you.

It also looks vulnerable to circumvention, but then everything in a system which has input & output is really.

Without giving away precisely how to do it, any thoughts on how someone who wanted to spoof without being detected by this bit of JavaScript would go about it?