web jacking attack method

Web jacking attack method | Explanation

What is web jacking attack method?

Web jacking is same as like web hijacking but the difference between web jacking and hijacking is in web jacking attack method hackers compromised with the domain name system but in hijacking they take a full control over the website.

Web jacking attack method is another type of social engineering phising attack where an attacker create a fake web page of victim website and send it to the victim.

And when a victim click on that link,a message display on the browser “the site abc.com has move on another address, click here to go to the new location” and if a victim does  click on the link, he/she will redirect on the fake website page where an attacker can ask for any sensitive data such as credit card number, username, password etc.

Web jacking attack method is one kind of trap which is spreaded by the attacker to steal the sensitive data of any people, and those people got trapped who are not aware about cyber security.

And web jacking attack method is very common phising attack nowdays, so if a people have even a little knowledge about cyber security, those people will never get trap.

Also read: How to detect hackers in windows computer?

 

The process of web jacking attack method

The first step of web jacking attack method is to create a fake page of victim website for example www.anywebsite.com/login.php.

Also read:  Top 8 best malware removal tools and apps 2018

The second step is to host it either on your local computer or shared hosting.

The third step is to send the link of a fake page to the victim.

The fourth step victim will open the link and enter their details and submit.

And in last step, you will get all the details submited by victim.

How to apply web jacking attack method?

So to apply web jacking attack method we will use a tool in kali linux called setoolkit.

  • Open your kali linux operating system, and then open Terminal window.
  • Type setoolkit on the terminal.
  • It will display lots of attacking method but you have to select Social-engineering attack.

web jacking attack method

  • Type to select Social-engineering attack, it will display lots of social engineering attack method.
  • Here, you have to select website attack vector, so type 2, it will display different website attack method.

https://strechtechlimit.com/wp-content/uploads/2018/02/step-2-300x266.png

  • Type 6 to select web jacking attack method.

web jacking attack method

  • Once again type to select site cloner, site cloner will clone the victim website page.

web jacking attack method

  • Now, type your computer IP address.
  • Then type the URL of victim website page for example www.abc.com/login.php.

web jacking attack method

  • Above three method will create a fake website page same as victim website page and host it on your computer.
  • Copy the link(your computer IP which you entered previously) of fake website and send it to the victim.
  • If the link is your local computer IP address then convert it into domain name.
  • To convert your IP address in domain name, open the link and type  your computer IP address here, it will create a link.
  • Now, your link is ready copy it and send it to the victim and wait till he/she entered their details.
  • When a victim will open the link in their browser, the browser display the message  “the site www.abc.com has move on another address, click here to go to the new location” and if a victim a clicking on this link he will redirect on the fake webpage.
Also read:  How to detect hackers in your computer

How to be safe from web jacking attack method?

  • First of all do not enter their senstive data in any link sent to you.
  • Check the URL

– Just because the address looks Ok, don’t assume this is a legitimate site.

– Read company name carefully, is it right wrong.

– check that there is a http protocol or  https, if http then do not enter your data.

  • If you are not sure, site is real or fake, enter a wrong username and password.
  • Use a browser with antiphising detection  .

Leave a Reply

Your email address will not be published. Required fields are marked *