I just had a look at Kaneda’s website, where I found a really cool advisory about how to bypass the phishing filter of Firefox 2.0.0.1 (I don’t know about older versions) in an extremely simple way. When you add a “/” character next to an existing one, so that the URL pointing to a phishing site contains two of them (“//”), the link is still valid and works, but the phishing filter can’t detect that it’s still the same site.
Here is a small PoC:
The following is a phishing site (offline, but we still get an alert from Firefox):
http://www.bnkofamerica.us/
Now this is the same site but with one more “/” at the end, and here we don’t get an alert:
http://www.bnkofamerica.us//
This works everywhere; you can also try any other page. For example, http://www.disenchant.ch/blog/ shows exactly the same as http://www.disenchant.ch//blog/
You can find some other ways to change the URL of a phishing site to bypass the protection here: http://sla.ckers.org/forum/read.php?13,2253
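The defensive counterpart of the PoC above, as an added example that is not part of the original post and not Firefox's code: a blocklist lookup that canonicalizes URLs before comparing them, so that “/” and “//” variants map to the same entry. The exact-string `naive_match` is an assumed model of the bypassed check, the one-entry blocklist is constructed from the URL in the post, and all function names are hypothetical.

```python
import posixpath
import re
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed blocklist with one entry, taken from the URL in the post.
BLOCKLIST = {"http://www.bnkofamerica.us/"}


def canonicalize(url: str) -> str:
    """Reduce equivalent spellings of a URL to a single form."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    # Drop the port when it is the default for the scheme.
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS.get(scheme)) else f"{host}:{port}"
    # Collapse runs of "/" first: this is the case from the post.
    path = re.sub(r"/{2,}", "/", parts.path) or "/"
    # Then resolve "." and ".." segments, keeping a trailing slash.
    keep_slash = path.endswith("/")
    path = posixpath.normpath(path)
    if keep_slash and path != "/":
        path += "/"
    # The fragment never reaches the server, so it is discarded.
    return urlunsplit((scheme, netloc, path, parts.query, ""))


CANONICAL_BLOCKLIST = {canonicalize(u) for u in BLOCKLIST}


def naive_match(url: str) -> bool:
    """Exact string comparison (assumed model of the bypassed check)."""
    return url in BLOCKLIST


def canonical_match(url: str) -> bool:
    """Compare canonical forms of both the URL and the list entries."""
    return canonicalize(url) in CANONICAL_BLOCKLIST


if __name__ == "__main__":
    for u in ("http://www.bnkofamerica.us/", "http://www.bnkofamerica.us//",
              "http://www.bnkofamerica.us///", "http://www.disenchant.ch//blog/"):
        print(f"{u:35} naive={naive_match(u)} canonical={canonical_match(u)}")
```

The same canonical form has to be applied to the list entries and to the URL being checked; normalizing only one side reintroduces the mismatch.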
3 Comments to “Firefox 2.0.0.1 Phishing Protection bypass”
- 1 Pingback on Mar 15th, 2007 at 11:05 am
Firefox must have updated their list of phishing sites, because I get the alert on http://www.bnkofamerica.us// and http://www.bnkofamerica.us/// using 2.0.0.1 on OSX.
I just tested it again using Firefox 2.0.0.1 on Xubuntu 6.10 and it still worked as described in my blog posting. Could be that the OSX version is different from the Linux and the Windows version, I don’t know.