Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: phishing sites examples "source code"

From: Juergen Fiedler <juergen () fiedlerfamily net>
Date: Mon, 19 Feb 2007 09:57:08 -0500
On Thu, Feb 15, 2007 at 11:13:39PM -0300, Andres Riancho wrote:

   Hi,

       For a research i'm doing I need a somehow "big"(around 100 would be
   nice...) amount of phishing sites html code . I have googled for them but
   I only get a lot of screenshots of those sites, not the actual code.
   Anyone has an idea of where I could get those sites html ?


Keep in mind that the HTML is most likely directly lifted from the
site that the phishers are spoofing - the only thing that changes is
the action for the login form; you can't readily get to the source
code for the form action because it is done in some sort of server
side scripting (CGI, PHP, ASP, whatever...) that can't readily be
viewed from the client side.
That said, I have run into one or two phishers who compromise a site
(or create a throwaway site themselves), upload their scripts in a
tarball, install them - and then leave the tarball around for
posterity to analyze. I kid you not.
Unfortunately, the only good way to get to that source code is by
asking the administrator of a compromised site whether they found
anything that they would be willing to share; going in and poking
around yourself may put you into a legal position that you'd rather
not be in.

HTH,
--j

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: