Phishing By Data URI – How Hackers Do It

Phishing By Data URI – How Hackers Do It
Phishing by data URI

Today I'm going to show you how hackers doing phishing attack by using Data URI technique. Before going to read the article, I recommends you to read " Phishing- The Art Of Fooling " for better understanding of this technique.

Phishing by data URI is a simple technique used to steal login credentials and personal information from the users. Usually, phishing website needs a host, but by using “Phishing By Data URI” technique an attacker don't need a host to carry out an attack.


In this technique, attacker uses a simple URI scheme to present media content in the web browser without the actual data on the Internet.

The URI scheme is given below :

data :[<mediatype>][;base64];<data>

For Example :

data:text/html;base64,RWZmZWN0SGFja2luZw==


In the above example, I used base64 encoding to obfuscate the data from the victims. Otherwise, it looks like this :

data:text/html;,EffectHacking


Hackers with malicious intent can spoof an entire web-page using this technique and send the URI to victims through emails. However, preventing such attacks is simple, just look at the address bar before entering login credentials. 

Since the data URI can be shortened by using several URL shortening services, try to avoid clicking on shortened URLs. Attackers can also include malicious javascript files in spoofed web pages by using the "Data URI" technique.

You can download the data URI of wikipedia page here.

If you like this article, please support us by sharing this article to your friends. Sharing buttons are give below, use it, show the love.

Don't forget to subscribe to our free newsletter and stay updated.

2 comments :

Powered by Blogger.