id: tabnabbing-check info: name: Reverse Tabnabbing author: bolli95 severity: info tags: misc reference: | - https://owasp.org/www-community/attacks/Reverse_Tabnabbing - https://www.youtube.com/watch?v=TMKZCHYmtD4 - https://hackerone.com/reports/211065 requests: - method: GET path: - "{{BaseURL}}" matchers-condition: and matchers: - type: dsl dsl: - 'regex("", replace_regex(replace_regex(body, "", ""), "", "")) || regex("window\.open\\([^,]+\\)", body)' - type: dsl dsl: - "!contains(tolower(all_headers), 'referrer-policy: no-referrer')"