Forum Thread: Masking/Obscure URL, SE-Attack

Masking/Obscure URL, SE-Attack

I've got a webpage set up.
I need it to look just a little more legit, hence i need the URL to look more legit.

Victim not in local LAN - so i'm not doing a MitM attack and so DNS spoofing (unless you can do that remotely, without exploiting the system, which is a osx btw) is not an option.

I've been looking into hexadecimals and it looks great - however, it's detected by literally all browsers as a phishing site.

Is there a way to make the URL look legit - or a way to spoof the browsers from detecting the obscured one with hexadecimals?

4 Responses

Im not a friend of pinishing attacks but try to Shorten the URL and see if it will work normally.

Hacked by Mr_Nakup3nda

The shortening url looks very suspicious, but thank you for the reply!

There is a much easier way. Just don't modify the URL at all, and social engineer the person instead. Here is a strategy I came up with, you just send them this:

"Hey, I've been working on a facebook (or whatever you're phishing) app that runs externaly. I am now trying to develop the login system and am taking a large scale test to see how well it performs. If you have the time, care to do a quick login for me? Your help is kindly appreciated! Oh, and the phishing alert pop-ups are simply there because I haven't verified the domain yet (again, this is just the development stage of my app), so your browser will most likely think it is a phishing page. Here is the URL to my app: INSERT URL HERE. Have a good day!"

Take note that I used the "Benjamin Franklin-effect" in this social engineering strategy: we are asking the target to do us a favour, which tricks him/her into believing he is on our side, and thus is more likely to take the bait.

This strategy only works on people you know a little and not on tech-savy people. But if these 2 conditions are met, I've seen that my strategy has quite a high success rate (about 98%).

Just thought I'd share this strategy. Hope I helped!


Thanks for sharing your strategy, it's definitely worth a try!

Share Your Thoughts

  • Hot
  • Active