Spoofed URL

URL spoofing (faking a URL) is a spoofing method used on the World Wide Web to present a false identity to the visitors of a website with fraudulent intent, or to obscure the actual address of the page.

Terminology

URL spoofing has at least the following variants:

  • Link spoofing
  • Frame spoofing

With link spoofing, the fraudulent URL is directly visible in the browser (provided it is not running in kiosk mode), whereas with frame spoofing the manipulation is not immediately apparent to the user.

Sometimes the more general term website spoofing is used, where the URL shown in the browser no longer reveals which website the content comes from.

All variants are content spoofing.

Operation

In terms of how it works, attacks on the user (browser) are to be distinguished from attacks on the server (web application).

Content Spoofing

In phishing, for example, a user can be led to believe that they are on the page http://register.example.com, when in truth the address http://register.example.com@192.168.1.1 is being requested, which corresponds to an authentication of the user "register.example.com" at the host 192.168.1.1.
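The difference between the name shown before the "@" and the host actually contacted can be checked mechanically. The following JavaScript is an added example, not part of the original article: it parses links with the standard URL class and flags userinfo that is shaped like a hostname. The function names, verdict labels and sample links are assumptions made for illustration.

```javascript
// Added example (not from the original article): report the host a link
// really targets and flag userinfo that imitates a hostname.

// True when a string is shaped like a DNS name or dotted IPv4 address.
function looksLikeHost(s) {
  return /^(?:[a-z0-9-]+\.)+[a-z0-9-]+$/i.test(s);
}

// Parse href as a browser would (WHATWG URL) and classify it.
// verdict: "ok" | "userinfo" | "spoofed-host" | "invalid"
function inspectLink(href) {
  let url, user;
  try {
    url = new URL(href);
    user = decodeURIComponent(url.username); // undo %-encoding such as %2E
  } catch {
    return { href, verdict: "invalid", realHost: null, userinfo: null };
  }
  let verdict = "ok";
  if (user !== "" || url.password !== "") {
    // Anything before "@" is credentials, never the site being visited.
    verdict = looksLikeHost(user) ? "spoofed-host" : "userinfo";
  }
  return { href, verdict, realHost: url.hostname, userinfo: user };
}

// Constructed sample links; the addresses are those used in the article.
const SAMPLE_LINKS = [
  "http://register.example.com/",
  "http://register.example.com@192.168.1.1/",
  "http://register%2Eexample%2Ecom:80@192.168.1.1/",
  "http://register.example.com/login?contact=a@b.example",
  "http://alice@192.168.1.1/",
];

function inspectAll(links) {
  return links.map(inspectLink);
}

for (const r of inspectAll(SAMPLE_LINKS)) {
  console.log(`${r.verdict.padEnd(12)} host=${r.realHost} userinfo=${r.userinfo || "-"}  ${r.href}`);
}
```

A mail gateway or forum filter can apply the same check to every link in a message and show the real host next to any link that carries userinfo.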

URL spoofing is made possible by vulnerabilities in web browsers. In December 2003, for instance, spoofing such URLs worked in Internet Explorer, including with the published patches installed. Mozilla had the same problem at the end of 2003, and it was only fixed with version 1.6. After the problem at first appeared to have been corrected in early 2004, exploits surfaced again in April 2004 that worked in Internet Explorer, Opera 7.2, KDE's Konqueror 3.1.3 and Apple's Safari. Only Mozilla browsers were not affected this time.

URL spoofing can also have its cause in vulnerabilities within the web application, where the web application sends user-supplied data to the browser. This is especially dangerous when it involves a trusted site that can be abused for phishing. What makes it particularly dangerous is that this also works with HTTPS-secured websites, without the SSL certificate being violated.

On the server side

The following can also be described as URL spoofing: some sites require payment for their services. On some websites, spoofing the so-called HTTP referrer, which contains the address of the last visited website, makes it possible to render this payment ineffective and possibly gain access to adult content. For example, a URL within the protected members' area is given as the HTTP referrer address. The server of that site then assumes, unless additional verification has been installed by the operator, that the user is already logged in.

Types of attack

Attacks on the browser (content spoofing) are carried out either by sending suitably manipulated links to the user by e-mail, or by posting such manipulated links in, for example, forums and blogs. In most cases, cross-site scripting vulnerabilities in the web application are exploited for this. HTTP response splitting vulnerabilities in web servers or web applications can also be used.
