Reverse Tab Nabbing Attack

what is reverse tab nabbing ?

Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. As the user was originally on the correct page they are less likely to notice that it has been changed to a phishing site, especially if the site looks the same as the target.

If the user authenticates to this new page then their credentials or other sensitive data are sent to the phishing site rather than the legitimate one.

how the attack really works ?

step 1 : open any website and fill the credentials

step 2 : after signing into the website go to profile page and click to DOWNLOAD PDF .

step 3 : open profile page

then right click open the inspect. go to the console.

step 4 : after opening the console write command

opener.location=”https://<target’s URl>”

step 5 : press enter and see you will redirect into the target’s URL.