The details of Web spoofing are perfect in the previously described attacks quite effective, but it is not very perfect. Hackers often create a trusted environment, including various types of icons, text, links, etc., providing a wide variety of trusted hints that are attacked. In short, it is hidden all tail. At this point, if the wrong Web is hostile, innocent users will be in a very dangerous situation.
In addition, hackers will also pay attention to the following aspects.
Status line
The connection status is a prompt information at the bottom of the browser, which prompts the currently connected information. Two types of information involved in web spoof. First, when the mouse is placed on the web link, the connection status display the URL address referred to in the link, so that the attacker may notice the rewritten URL address. Second, when the web connection is successful, the connection status will display the connected server name. In this way, attackers can notice www.org instead of their own sites.
An attacker can make up for these two shortcomings through JavaScript programming. Since JavaScript can write a connection status, and the JavaScript operation can be bound to a specific event, an attacker can restore the rewritten URL status to rewrite the state. Such Web spoof will be more credible.
2. Position status line
The location status line of the browser displays the currently located, and the user can type the new URL address into another URL, and if the necessary changes are not performed, the URL exposes the rewritable URL. Similarly, JavaScript can hide the rewritable URL. JavaScript can cover the true URL with an untrue URL, and can accept the user's keyboard input, and change it, enter incorrect URL.
Web spoofing weaknesses
Although the hacker has raced his brains when the Web spoof is cheated, there is still some shortcomings.
Documentation
The attacker is not a trace, and the HTML source file is the key to deceiving the maze. An attacker is powerless. By using the "ViewSource" command in the browser, users can read the current HTML source file. By reading the HTML source file, you can find that the URL that is rewritten is therefore aware of the attack. Regrettably, for beginners, HTML source files are really difficult.
By using the "View Document Information" command in the browser, users can read some information for the current URL address. The gratifying is that the real URL address is provided here, so users can easily judge Web spoof. However, most users have little attention to some of the above properties, can say potential dangers still exist.
