In this project, we explore how attackers, also referred to as hackers in the technology industry, can steal saved web browser credentials by poisoning either the Domain Name System (DNS) server or the local DNS cache on a user’s machine. The web browser does not know much about the IP addresses assigned to the websites of online accounts, as it depends heavily on the domain name system to resolve this assignment. An attacker can therefore poison the local DNS cache/server on a user’s machine to control where the browser is sent.
We explore the process of creating a fake website based on the target website. We create an account on the original website and save the login credentials in the local cache. We then poison the victim’s local DNS cache by manually configuring it to redirect to the fake website whenever the victim tries to log in to the original website. Since the browser does not concern itself with IP address resolution, when a user lands on the fake website orchestrated by the attacker, the browser will submit the saved login credentials of that online account. The fake website is designed to save/steal the login details when a user clicks the login/submit button. As an extra feature, the fake website should send the login credentials to the attacker by email, in human-readable format.
Project Testing presentation slides
Project Testing presentation video
In conclusion, this report explores how hackers can steal saved web browser credentials by poisoning either the Domain Name System (DNS) server or the local DNS cache on a user’s machine. We explored the process of creating a fake website based on the target website, creating an account on the original website and saving the login credentials in the local cache, and poisoning the victim’s local DNS cache by manually configuring it to redirect to the fake website whenever the victim tries to log in to the original website. The fake website was designed to steal the login details when a user clicks the login or submit button by emailing them to the hacker at a hardcoded email address. The aim of this collaborative project is to educate users about the dangers of saving their login credentials in a web browser to be auto-populated when they revisit a website, and to raise cyber security awareness about websites with online accounts that require login credentials. By exploring and understanding how attackers can access a user’s saved web credentials for online accounts, users can prevent themselves from becoming victims of such attacks.
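A defensive check for the manual local redirect described above, as an added example that is not part of the original project. It assumes the local override takes the form of static entries in the operating system's hosts file; the watched domain, the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# constructed sample, not taken from the project
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.25    accounts.example.com www.accounts.example.com
0.0.0.0         ads.example.net
not-an-ip       broken.example.org
"""

# Hypothetical list of sites for which the browser holds saved logins.
WATCHED = {"accounts.example.com"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # skip lines whose first column is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, reason) for entries that bypass DNS."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in watched or any(name.endswith("." + w) for w in watched):
                # Any static mapping of a login site is suspect, loopback included.
                findings.append((line_no, name, str(ip), "watched-site-override"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, name, str(ip), "static-override"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real machine, pass the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` to `audit_hosts` and review every finding against the entries an administrator intentionally added.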