"...there is a great amount of tricks that you can perform upon users coming to a website."
Yes, that's it. Tricks are the perfect analogy. I am looking at this without a programming background, so forgive me if I am repeating myself; also, I will try not to be too far-fetched.
Rather than implying that a webpage has some exotic or malicious code, I'll use a simpler concept.
By singling out the users with browser-based email such as Hotmail or Yahoo, one can then assume the user will be logging in to their email via forms, entering the user name and password into fields. The idea I have is that somehow the web page would track form fields, perhaps by copying to the clipboard anything that is entered into a field. A script could then steal the input from the clipboard and submit it to the server's database.
Since we are talking social reversing here, let's modify the webPage so that it is singling out users who copy and paste their passwords or who click the save password field. The webpage could obtain a password when it is copied to the clipboard.
Here is an example of a clipboardJacker-
(I think it only works in Internet Explorer)
My idea seems to be some form of a field hunter/viewer embedded in the webPage. No trojans or superscripts needed. Just the ability to copy and paste. OK, enough of that idea.
I came across some HTML a while back that caught my eye.
Put your IP address in place of the stars. Nothing too fancy about this. Although I am sure there is an exploit for this that could be used for remote access.
Maybe with SMB one could use the HTML iframe script remotely.
sna has remarked that iframes suck, so I will not speak any more about them. Although I wrote the above before he posted, so I will leave it here.
The only question I have towards iframes -- is it possible to trick the server-client into thinking one is the other?
Anyway, I seem to be slamming into a dead end. I started off as I intended, which was asking questions, and now here it seems I am making statements, which is not what I had intended. Now I must go do some research of my own and quit wasting other people's time on a subject that I have no knowledge about. Let me see what I can turn up with in the next couple of months and I will let you know if I find anything that applies. Although it is doubtful that I will turn up with something that you don't already know.
To clarify my initial vision, I will leave you with this.
At times it is easier to reverse the person rather than the box or the software. To obtain someone's password you could hack their box. Although it may be easier to hack the person. I was just wondering if it would be applicable to use a webPage to hack the person. Anyway, it really is not important to me to hack anyone. I was looking at it as more of a security issue when registering to a site.
Many thanks go to you, Devine9, for clarifying my misconceptions with the Python, Tcl/Tk interpreters. I had this little idea running in my head that it would be somehow possible for a webPage to link to a file.py on my hardDrive. When the link was pressed, my Python interpreter would open up and run the source code.
And yes, I will also thank you, sna, for your preSight. Saw the iframes coming, did you?