Skip to content
Tricks browsers to scraping the wrong URL for <a> links
HTML
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
PoC.html
README.md

README.md

Link Manipulation Phishing

Tricks browsers to scraping the wrong URL for <a> links.

Abstract

Initially has the original URL as the HREF in a <a> tag and 50ms after the user mouseovers the <a> it swaps it out for another link. Meanwhile, the browser HREF information (bottom left onhover on desktop, longpress info panel on mobile). This can then be combined with [IDN phishing] to perform a sophitocated phishing attack. Live demo.

You can’t perform that action at this time.