WHat it does.
, the target page will show you nothing more than "Internal server error 500".
However returning to the original reddit.com browser window, you will see a programming.reddit.com ALIKE page prompting for your username and password.Haw it works
In IE you can get access to the opener window of the page being requested through window.opener property.
Now having the opener window onject you can navigate, in background, the original opener window to a phishing page resembling the look of the opener site just using window.opener.location
A strengthened attack could download the original opener page and generate dynamically the phishing one, so that the sole difference between the real and the fake one is the URL in the browser address and the box asking for user account.
Wednesday, July 18, 2007