Web spoofing deception
TCP and DNS spoof
In addition to the deceptive means we will discuss, there are other means, where we will not discuss it. Examples of this attack include TCP deception (using forged IP addresses in TCP packages) and DNS spoofs (attacker forgery for machine names and network information). Readers are interested in reading the relevant information.
Web spoof
Web spoof is an electronic information spoof, an attacker creates a convincing but completely wrong copy of the entire Web world. The wrongweb looks very realistic, it has the same web page and link. However, the attacker controls the wrong Web site, so that all network information between the attacker browser and the web is completely attacked, the working principle is like a filter.
as a result of
Since the attacker can observe or modify any information from an attacker to the web server; in the same manner, it also controls the return data from the web server to the attacker so that the attacker has many possibilities, including monitoring and damage.
Attackers can monitor the network information of the attacker, record the web and content they visit. When the attacker fills in a form and sent, the data will be transferred to the web server, the web server will return the necessary information, but unfortunately, the attacker can intercept and use. Everyone knows that most of the online companies are using a form to complete the business, which means that the attacker can get the user's account and password. Here we will see that even if an attacker has a "secure" connection (usually through the Secure Sockets Layer, the user's browser will display a lock or key to represent a secure connection, and cannot escape the monitored fate.
After obtaining the necessary data, the attacker can make certain damage activities by modifying the data in any direction between the attacker and the web server. Attackers modify the attacker's confirmation data, for example, if an attacker orders a product online, the attacker can modify the product code, quantity, or the mail order address, etc. The attacker can also modify the data returned by the web server, for example, inserting an easy misunderstanding or an aggressive data, destroying the relationship between users and online companies, and more.
Deceive the entire Web World
You may think that the attacker deceives the entire Web world, but it is exactly that the attacker does not have to store the content of the entire Web world, he only needs to create a link to the entire Web world. When he needs to provide an error web page on a Web site, he only needs to establish a copy of the site on its own server, which is waiting for the victim from the support.
