
1. Description
This project describes mobile Facebook phishing hosted on Firebase Hosting (m-facebook-com.web.app). It uses a phishing attack to obtain sensitive information such as usernames and passwords. A single Facebook login page, created by copying the HTML of the Facebook login page exactly, disguises itself as a trustworthy entity in electronic communication and deceives users. When a user visits this URL, which appears to be a legitimate Facebook page, and enters his or her username and password, the attacker captures these credentials. The user cannot get past this page the first time. After the user is alerted with "Wrong Password", the user is redirected to the real Facebook page.
2. Objectives
• To share knowledge about phishing
• To take a careful look at the URL whenever anyone visits a website (to see whether or not it is a legitimate website)
• To change passwords once our usernames and passwords are compromised
3. Motivation
Phishing attacks are attempted every day. We should know how phishing works so that we know how to protect against it. Therefore, our group studied it and developed this project.

4. Phishing Theory
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
Phishing is an example of the social engineering techniques that attackers use to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites and online payment processors. Most phishing websites also try to appear at least somewhat legitimate.

5. Implementation

Figure 1: The user visits the fake login page, enters a username and password, and clicks the "login" button

Figure 2: After the button is clicked, the page alerts "Wrong Password"

Figure 3: After the "Wrong Password" alert, the user is redirected to the real Facebook page

Figure 4: Attackers capture the username and password (HTML report)

Figure 5: Attackers capture the username and password (JSON report)


6. Conclusion
In summary, this fake page captures credentials in a Firebase Realtime Database (JSON) when the user enters a username together with a password and clicks the "log in" button. So, before giving credentials to a website or page, people should check whether or not it is legitimate.
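
The URL check recommended above can be written out as code. This is an added example, not part of the original report: it compares a link's real hostname with the brand's own domain and flags hosts such as m-facebook-com.web.app that only contain the brand name. The allow-list, keyword set, suffix set, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the allow-list, keyword and suffix sets below.
OFFICIAL_DOMAINS = {"facebook.com"}               # domains the brand really owns
BRAND_TOKENS = {"facebook"}                       # keyword a lookalike would reuse
SHARED_HOSTING = {"web.app", "firebaseapp.com"}   # anyone can claim a subdomain here


def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_login_url(url):
    """Return (verdict, reasons); verdict is 'official', 'lookalike' or 'unrelated'."""
    if "://" not in url:
        url = "https://" + url                    # tolerate URLs pasted without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")     # hostname is already lower-cased
    reasons = []
    if parts.username is not None:
        reasons.append("text before '@' is not the host")
    if any(under(host, d) for d in OFFICIAL_DOMAINS):
        return "official", reasons
    if any(tok in parts.netloc.lower() for tok in BRAND_TOKENS):
        reasons.append("brand name used outside the official domain")
        if any(under(host, s) for s in SHARED_HOSTING):
            reasons.append("hosted on a shared hosting suffix")
        return "lookalike", reasons
    return "unrelated", reasons


# Constructed sample URLs; the first host is the one named in this report.
SAMPLES = [
    "https://m-facebook-com.web.app/",
    "https://m.facebook.com/login",
    "https://facebook.com.example.test/login",
    "https://facebook.com@example.test/",
    "https://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_login_url(u))
```

The comparison is made on the parsed hostname rather than on the visible text of the link, which is why the `@` form and the `facebook.com.example.test` form are both reported as lookalikes.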
