diff --git a/security/badware/phishing-url-tampering.html b/security/badware/phishing-url-tampering.html
index 2286cb2..3b6f307 100644
--- a/security/badware/phishing-url-tampering.html
+++ b/security/badware/phishing-url-tampering.html
@@ -31,6 +31,7 @@
 }
 function percentEncodeURL() {
+ // Inject percent-encoded characters into the URL to bypass phishing detection
 window.location = "/%73%65%63%75%72%69%74%79/%62%61%64%77%61%72%65/%70%68%69%73%68%69%6e%67%2e%68%74%6d%6c"
 }
diff --git a/security/badware/server/routes.js b/security/badware/server/routes.js
index 037d929..50b9f1c 100644
--- a/security/badware/server/routes.js
+++ b/security/badware/server/routes.js
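Review bot: The comment added in `percentEncodeURL()` names the purpose of the test but not what the literal decodes to, so a reader has to decode the path by hand to see which page is loaded. The string is `/security/badware/phishing.html` with every character except the slashes percent-encoded, and the comment should say so, for example `// Navigates to /security/badware/phishing.html with each path character percent-encoded; a detector that canonicalises the URL before matching should still flag it`. "Inject" is also slightly off, since nothing is inserted into an existing URL; the whole location is replaced.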
@@ -1,59 +1,59 @@
-const express = require("express");
+const express = require('express');
 const router = express.Router();
 // Returns a 301 redirect to the main phishing test page
-router.get("/", (req, res) => {
- res.redirect(
- 301,
- "/security/badware/phishing.html"
- );
+router.get('/', (req, res) => {
+ res.redirect(
+ 301,
+ '/security/badware/phishing.html'
+ );
 });
 // Returns a 302 redirect to the main phishing test page
-router.get("/302", (req, res) => {
- res.redirect(
- 302,
- "/security/badware/phishing.html"
- );
+router.get('/302', (req, res) => {
+ res.redirect(
+ 302,
+ '/security/badware/phishing.html'
+ );
 });
 // Returns a 301 redirect to a JS redirector page
-router.get("/js", (req, res) => {
+router.get('/js', (req, res) => {
 res.redirect(
 301,
- "/security/badware/phishing-js-redirector.html"
- )
+ '/security/badware/phishing-js-redirector.html'
+ );
 });
 // Returns a 301 redirect to a JS redirector helper page
-router.get("/js2", (req, res) => {
+router.get('/js2', (req, res) => {
 res.redirect(
 301,
- "/security/badware/phishing-js-redirector-helper.html"
- )
+ '/security/badware/phishing-js-redirector-helper.html'
+ );
 });
 // Returns a redirect to a page that loads an iframe that renders a phishing page
-router.get("/iframe", (req, res) => {
+router.get('/iframe', (req, res) => {
 res.redirect(
 301,
- "/security/badware/phishing-iframe-loader.html"
- )
+ '/security/badware/phishing-iframe-loader.html'
+ );
 });
 // Returns a redirect to a page that loads multiple iframes to attempt to bypass the phishing detection
-router.get("/iframe2", (req, res) => {
- res.redirect(301, "/security/badware/phishing-legit-iframe-loader.html");
+router.get('/iframe2', (req, res) => {
+ res.redirect(301, '/security/badware/phishing-legit-iframe-loader.html');
 });
 // Returns a redirect to a page that renders a phishing page using a meta refresh (not flagged in dataset)
-router.get("/meta", (req, res) => {
- res.redirect(301, "/security/badware/phishing-meta-redirect-clean.html");
+router.get('/meta', (req, res) => {
+ res.redirect(301, '/security/badware/phishing-meta-redirect-clean.html');
 });
 // Returns a redirect to a page that renders a phishing page using a meta refresh (flagged in dataset)
-router.get("/meta2", (req, res) => {
- res.redirect(301, "/security/badware/phishing-meta-redirect.html");
+router.get('/meta2', (req, res) => {
+ res.redirect(301, '/security/badware/phishing-meta-redirect.html');
 });
 module.exports = router;
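Review bot: Every route except `/302` answers with a 301, which browsers may cache, so a repeated test run can follow the stored redirect without asking the server again, and may keep doing so after a target path is changed. For a detection test suite that is worth ruling out, for example by calling `res.set('Cache-Control', 'no-store');` before each `res.redirect(...)`, or by using 302 wherever the permanent status is not itself the thing under test. On style, the commit unifies quotes and semicolons but still leaves two layouts for the same call: `/`, `/302`, `/js`, `/js2` and `/iframe` spread `res.redirect(` over four lines while `/iframe2`, `/meta` and `/meta2` keep it on one; settling on one form would make the file easier to scan.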