Security Basics mailing list archives

RE: Phishing tool


From: "Marco M. Morana" <marco.m.morana () gmail com>
Date: Sat, 12 Apr 2008 16:45:45 -0400

Leonardo

Phishing is a social engineering attack that, even if it could have a
common delivery (a malicious link via email), can take different forms for
the phishing site itself: it can be, for example, a phished site built by
registering a fake domain and a look-alike web page, or a legal site with
an embedded hijacked frame exploiting cross-frame scripting vulnerabilities,
or a phish proxy with a man in the middle that connects to the original
site (no copy of the original site). The anti-phishing tool should probably
look at the different phishing sites used to try to identify them. Besides
an application scan for vulnerabilities that can be exploited for phishing,
such as XFS, XSS and MiTM, you also need to look at how the site is
configured (domain) and perform some protocol analysis to identify proxies,
latency times, etc. Probably the best way to approach this study is to
start building a library of common phishing sites and then create a
baseline against which the anti-phishing tool can be tested. Good resources
to start with are the OWASP phishing web page
http://www.owasp.org/index.php/Phishing and the Anti-Phishing Working Group
http://www.antiphishing.org

Marco Morana
OWASP Cincinnati Chapter Leader
http://www.owasp.org/index.php/Cincinnati
 
Join us at http://www.owasp.org/index.php/AppSecEU08


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Leonardo A. M. dos Santos
Sent: Friday, April 11, 2008 7:33 PM
To: security-basics () securityfocus com
Subject: Phishing tool

Hi folks!

I'm doing my final graduation paper at Brazil university and it's about
phishing programs.
One of my roles is to develop a phishing tool to study the architecture and
integration with the system; afterwards I will have to develop software to
block it, an anti-phishing tool.
The biggest problem is finding a phishing tool whose source I can look at
to understand the programming methods used, but be sure that I will
respect the author and give the credits to him.

It will be very helpful, even a simple light could help.

Thanks for all,
Leonardo Santos.
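
The domain check suggested in the reply above, run against a small labelled baseline of the kind it recommends, as an added example that is not part of the original thread. The protected domains, the sample URLs and the two-label registered-domain shortcut are assumptions constructed for illustration, and only the fake-domain form of phishing site is covered.

```python
from urllib.parse import urlsplit

# Assumption: domains the tool protects (constructed for this example).
PROTECTED = ("example-bank.com", "examplepay.com")

# Constructed baseline of (URL, is_phish) pairs for the fake-domain form only.
BASELINE = [
    ("https://www.example-bank.com/login", False),
    ("https://pay.examplepay.com/checkout", False),
    ("https://news.example.org/article", False),
    ("https://examp1e-bank.com/login", True),   # digit swapped for a letter
    ("https://exampel-bank.com/", True),        # transposed letters
    ("https://example-bank.com.account-verify.example/login", True),
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    # Simplification: last two labels. A real tool would use the Public Suffix List.
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url):
    """Return 'legitimate', 'brand-embedded', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registered_domain(host)
    if reg in PROTECTED:
        return "legitimate"
    if any(brand in host for brand in PROTECTED):
        return "brand-embedded"      # protected name used inside another domain
    if any(edit_distance(reg, brand) <= 2 for brand in PROTECTED):
        return "lookalike"           # near miss of a protected registered domain
    return "unrelated"

def score(baseline):
    """Count detector outcomes against the labelled baseline."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for url, is_phish in baseline:
        flagged = classify(url) in ("brand-embedded", "lookalike")
        key = ("tp" if flagged else "fn") if is_phish else ("fp" if flagged else "tn")
        counts[key] += 1
    return counts
```

Calling `score(BASELINE)` gives the true/false positive and negative counts, so the baseline can grow as new samples are collected and the detector re-measured against it.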

