Search Results

Search found 3 results on 1 pages for 'user970533'.

Page 1/1 | 1 

  • Phishing attack stuck with jsp loginAction.do page?

    - by user970533
    I'm testing a phishing website on a staged replica of an jsp web-application. I'm doing the usual attack which involves changing the post and action field of source code to divert to my own written jsp script capture the logins and redirect the victim to the original website. It looks easy, but trust me, it's has been me more then 2 weeks and I cannot write the logins to the text file. I have tested the jsp page on my local wamp server it works fine. In staged, when I click on the ok button for user/password field I'm taken to loginAction.do script. I checked this using the tamper data add-on on Firefox. The only way I was able to make my script run was to use burp proxy intercept the request and change action parameter to refer my uploaded script. I want to know what does an loginAction.do? I have googled it - it's quite common to see it in jsp application. I have checked the code; there is nothing that tells me why the page always points to the .do script instead of mine. Is there some kind of redirection in Tomcat? I like to know. I'm unable to exploit this attack vector? I need the community's help.

    Read the article

  • What are the technial and programming requirements for writing a stealth keylogger?

    - by user970533
    I'm planning to write/code one such stealth keylogger that would bypass detection by a certain antivirus. (I don't want to name the vendor as I know how good Google queries are against StackExchange websites). I don't want to just download any keylogger from internet and try to encode it to evade detection. Writing code myself I would have the ability to make changes as I go; obscuration on both high-level and low-level language. I like control too. It seems naive but is it true that keyloggers are a thing of the past, probably because of how effective AV's have become in detecting such programs? I want some nice points on how can one easily write a robust, effective key logger preferably for a Windows environment?

    Read the article

  • Phishing attack stuck with jsp loginAction.do page? [closed]

    - by user970533
    I 'm testing a phishing website on a staged replica of an jsp web-application. I'm doing the usual attack which involves changing the post and action field of source code to divert to my own written jsp script capture the logins and redirect the victim to the original website. It looks easy but trust me its has been me more then 2 weeks I cannot write the logins to the text file. I have tested the jsp page on my local wamp server it works fine. In staged when I click on the ok button for user/password field I'm taken to loginAction.do script. I checked this using tamper data add on on firefox. The only way I was able to make my script run was to use burp proxy intercept the request and change action parameter to refer my uploaded script. I want to know what does an loginAction.do? I have googled it - its quite common to see it in jsp application. I have checked the code; there is nothing that tells me why the page always point to the .do script instead of mine. Is there some kind of redirection in tomcat configuration. I like to know. I'm unable to exploit this attack vector? I need the community help

    Read the article

1