Security Basics mailing list archives
RE: Phishing tool
From: "Marco M. Morana" <marco.m.morana () gmail com>
Date: Sat, 12 Apr 2008 16:45:45 -0400
Leonardo,

Phishing is a social engineering attack that, even if it could have a common delivery (malicious link via email), can take different forms for the phishing site itself: it can be, for example, a phished site built by registering a fake domain and a look-alike webpage, or a legal site with an embedded hijacked frame exploiting cross frame scripting vulnerabilities, or a phish proxy with man in the middle that connects to the original site (no copy of the original site).

The anti-phishing tool should probably look at the different phishing sites used to try to identify them. Besides an application scan for vulnerabilities that can be exploited for phishing, such as XFS, XSS, MiTM, you also need to look at how the site is configured (domain) and perform some protocol analysis to identify proxies, latency times etc.

Probably the best way to approach this study is to start building a library of common phishing sites and then create a baseline against which the anti-phishing tool can be tested.

Good resources to start are the OWASP phishing web page http://www.owasp.org/index.php/Phishing and the anti-phishing working group http://www.antiphishing.org

Marco Morana
OWASP Cincinnati Chapter Leader
http://www.owasp.org/index.php/Cincinnati
Join us at http://www.owasp.org/index.php/AppSecEU08

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Leonardo A. M. dos Santos
Sent: Friday, April 11, 2008 7:33 PM
To: security-basics () securityfocus com
Subject: Phishing tool

Hi folks!

I'm doing my final graduation paper at Brazil university and it's about Phishing programs. One of my roles is to develop a phishing tool to study the architecture and integration with the system; afterwards I will have to develop software to block it, an anti-phishing tool.

The biggest problem is finding a phishing tool whose source I can look at to understand the programming methods used, but rest assured that I will respect the author and give credit to him. It would be very helpful; even a simple light could help.

Thanks for all,
Leonardo Santos.
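The reply above suggests checking how a site's domain is set up and testing the anti-phishing tool against a baseline of known phishing sites. The following is an added example, not code from either poster: it scores a simple look-alike-domain check against a small labelled baseline. The protected names, the baseline hostnames and the edit-distance heuristic are all assumptions constructed for illustration.

```python
# Added example: score a look-alike-domain check against a labelled baseline.
# Every hostname below is constructed (reserved example/.test names), not observed data.
PROTECTED = ["example.com", "examplebank.test"]  # assumed names the defender protects

BASELINE = [  # (hostname, is_phishing) pairs
    ("example.com", False),
    ("examp1e.com", True),             # digit swapped for a letter
    ("exarnple.com", True),            # "rn" imitating "m"
    ("examplebank.test", False),
    ("examplebnak.test", True),        # two letters transposed
    ("example.com.login.test", True),  # protected name used as a subdomain prefix
    ("unrelated.test", False),
    ("exam.test", False),
]

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_like_phish(host, max_dist=2):
    """Flag hosts that imitate, but are not, a protected name."""
    host = host.lower().rstrip(".")
    if host in PROTECTED:
        return False
    return any(host.startswith(b + ".") or edit_distance(host, b) <= max_dist
               for b in PROTECTED)

def evaluate(baseline, max_dist=2):
    """Confusion counts for the detector over the labelled baseline."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for host, is_phish in baseline:
        flagged = looks_like_phish(host, max_dist)
        key = ("tp" if flagged else "fn") if is_phish else ("fp" if flagged else "tn")
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for d in (1, 2):
        print(d, evaluate(BASELINE, d))
```

Running the same baseline at both thresholds shows why a fixed test set matters: tightening the distance to 1 lets two of the constructed look-alikes through without any change in false positives.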
Current thread:
- Phishing tool Leonardo A. M. dos Santos (Apr 12)
- RE: Phishing tool Marco M. Morana (Apr 12)