by tyingq 3356 days ago
Nginx, in proxy mode, even has a nice sub_filter where you can rewrite the response body. Pick a tag that generally occurs once, like </head>, and replace it with arbitrary text. Like maybe "</head><script src="whatever"></script>".

That would be perfect...no need to recreate the target site's look and feel. Just whatever js you need to scrape the credentials.

And now the bank just has to block Google's cloud IP range.
The idea is the bank may not notice, since the site would be functional and serving customers.

Certainly, there are ways to see this is going on, but you could, for example, round robin the DNS and only attack a percentage of traffic.