httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evan Platt <>
Subject Re: [users@httpd] Spoofing URLs in the address bar
Date Wed, 15 Nov 2006 19:30:29 GMT
At 11:14 AM 11/15/2006, you wrote:
>Is it possible to display a different URL than the actual site that 
>the browser is contacting in the address portion of a browser?  I 
>had thought the only options for the URL were either the actual 
>site, or the proxy server site in the instance where you are using a proxy.
>I'm asking this as a security question.  If a user gets an email and 
>clicks on a link (the HREF can say anything it wants), is it 
>possible to have the browser show 
><> in the address bar 
>when it's really connected to some Chinese malware site?
>I know that there are exploits out there for IE, but lets assume 
>I've got fully patched IE or Firefox and that we don't have some 
>bizarre DNS tainting or the like going on.

There's a 'trick' if you will that LOOKS like a address bar.

basically some Java script that makes the browser go to full screen, 
then basically has a JPG / GIF on top of a fake address bar.

Or even java script that 'looks' like the address bar, and is clickable.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message