undefined | Better HN

0 pointstyingq8y ago0 comments

Nginx, in proxy mode, even has a nice sub_filter where you can rewrite the response body. Pick a tag that generally occurs once, like </head>, and replace it with arbitary text. Like maybe "</head><script src="whatever"></script>".

That would be perfect...no need to recreate the target site's look and feel. Just whatever js you need to scrape the credentials.

0 comments

gcb08y ago

and now the bank just have to block Google's cloud ip range.

tyingqOP8y ago

The idea is the bank may not notice, since the site would be functional and serving customers.

Certainly, there's ways to see this is going on, but you could, for example, round robin the DNS and only attack a percentage of traffic.

j / k navigate · click thread line to collapse