URL spoofing German is a method used on the World Wide Web to fraudulently misrepresent a website visitor or to disguise the actual address of the page. This works so easily because the HTML title and the targeted link do not have to be related to each other. The user is suggested to be redirected to a reputable site known to him, but the link leads to a page that is completely unknown to him. By clicking on the apparent URL, a desired action of the user is brought about without his consent. URL spoofing distinguishes between at least the following variants:
- Link Spoofing
- Frame Spoofing
While in link spoofing the fraudulent URL is directly visible in the browser, in frame spoofing the manipulation is not immediately visible to the user.
Sometimes there is a more general talk of website spoofing, in which you can no longer tell from which website the content comes even in the URL (of the browser). All of the aforementioned variants of URL spoofing are subvariants of content spoofing, i.e. they take place on the browser side. Content spoofing is to be distinguished from referrer spoofing, which takes place on the server side.
---
Attacks on the browser (content spoofing) are carried out either by sending appropriately manipulated links to the user via e-mail or by entering a correspondingly malicious link, e.g. in forums, blogs, etc. Most of the time, cross-site scripting vulnerabilities in web applications are exploited. HTTP response splitting vulnerabilities in web servers or web applications can also be used.
How it Works
Content Spoofing
Content spoofing is a form of URL spoofing that targets a user and takes place on the browser side. URL spoofing is made possible by security vulnerabilities in web browsers. For example, in December 2003, the spoofing of such a URL in Internet Explorer and published patches worked. However, Mozilla also had the same problem at the end of 2003, which was not fixed until version 1.6. After the problem seemed to be fixed in early 2004, exploits reappeared in April 2004 that worked in Internet Explorer, Opera 7.2, KDE’s Konqueror 3.1.3, and Apple’s Safari. Only Mozilla’s browsers were not affected this time.
URL spoofing can also be caused by web application security vulnerabilities. In doing so, the web application sends data passed by the user to the browser. This is especially dangerous if it can lead to the misuse of a trustworthy site for phishing. What is particularly tricky here is that this also works with HTTPS-secured websites without violating the SSL certificate.
Referrer Spoofing
The so-called referrer spoofing has a web application as its target, i.e. it takes place on the server side. Some sites charge for their services. One way to bypass payment is also known as URL spoofing; In the case of some websites, spoofing the so-called HTTP referrer, which contains the address of the last visited website, can render this payment invalid and thus access the page content. For example, you set the HTTP referrer address to a URL within the protected member area. For example, unless an additional check has been implemented by the operator, the server of the corresponding website assumes that the respective user is already logged in.
