Discussion in 'BlackHat Lounge' started by carryout, Jan 20, 2009.
Wtf is going on, it's all in Asian writing.... It's not a phish script, it's https://paypal.com
looks fine to me.
wtf was that?
Well I live in the US and it can't be only me...
I thought the right domain of paypal is http://www.paypal.com ????
php says action="https://www.paypal.com/cgi-bin/searchscr?cmd=_sitewide-search
doesn't look phishy to me at all, I don't get it
https just means it's a secure server, information is encrypted
Their security certificate is only valid for https://www.paypal.com so maybe something went wrong with the browser when you tried to go to https://paypal.com.
Maybe you're accessing it through a proxy?
looks fine on my end
you can change the language on your end... just delete your cookies and try again, if you can't find the language selector.
looks phisshhy LOL. reads phisshy, something is wrong with the cookies and with your browser. I suggest to check for bugs
Everything seems fine. Try typing it manually
I believe it IS a phishing attempt. When I use your link, I get this:
Secure Connection Failed
paypal.com uses an invalid security certificate.
The certificate is only valid for www.paypal.com
(Error code: ssl_error_bad_cert_domain)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
But when I use my bookmarked link or my RoboForm login link, I get the real PayPal login page, in English, and can get into my account just fine.
No, I'm saying I went to http://paypal.com and that when you go there https pops up like it should... but it's all in some Asian language and it shouldn't be like that
I deleted the Certificate, Deleted Cookies, Not using Proxies atm, Dunno.... Too much PHP and for the most part the code seems legit but I'm no expert so who knows....
Edit: Dunno what I did but it works now...
To clear this mess a bit
First, the wrong phishing alarm: paypal.com is a domain, www.paypal.com is a subdomain.
paypal's SSL certificate is set to www.paypal.com; if you open paypal.com it is the same server but the certificate is not right. (paypal is not professional enough to fix this)
Next the problem of carryout:
There are a few possibilities that went wrong:
a) a transparent proxy between you and the internet, fucking with the data
b) a hijacked DNS server providing you a wrong IP which relays to paypal (and sniffs you)
c) adware/malware on your computer
d) as you said, cookies might be a reason. maybe you had a "paypal asia" cookie active because of some reason
e) finally paypal often has website issues, maybe you connected in the wrong second
You should also know that paypal uses not only normal cookies, they also track you through LSO cookies (flash cookies)
You can read more here:
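Added example, not part of the thread: a simplified Python sketch of the hostname check behind the `ssl_error_bad_cert_domain` error quoted above, showing why a certificate valid only for www.paypal.com is rejected for paypal.com and why a wildcard would not cover the bare domain either. The function names and the certificate name lists are constructed for illustration; real browsers apply further rules (IDN handling, public suffix checks).

```python
# Simplified RFC 6125-style matching of a requested host against the
# DNS names listed in a certificate. Helper names are hypothetical.

def dns_name_matches(pattern: str, host: str) -> bool:
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans a dot; apex != www
    if any("*" in label for label in p[1:]):
        return False          # wildcard allowed only in the left-most label
    if p[0] == "*":
        # refuse overly broad patterns such as "*.com"
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False          # partial wildcards ("w*") are not honoured
    return p == h


def verify_host(host: str, cert_dns_names: list[str]):
    """Return the certificate name covering host, or None on mismatch
    (the case a browser reports as a bad certificate domain)."""
    for name in cert_dns_names:
        if dns_name_matches(name, host):
            return name
    return None


# Constructed sample name lists, not PayPal's real certificate contents.
CERT_WWW_ONLY = ["www.paypal.com"]
CERT_WILDCARD = ["*.paypal.com"]
CERT_BOTH = ["paypal.com", "www.paypal.com"]

if __name__ == "__main__":
    for label, names in [("www only", CERT_WWW_ONLY),
                         ("wildcard", CERT_WILDCARD),
                         ("apex + www", CERT_BOTH)]:
        for host in ("paypal.com", "www.paypal.com"):
            hit = verify_host(host, names)
            print(f"{label:11} {host:15} -> {hit or 'MISMATCH'}")
```

A mismatch here only says the name is not covered by the certificate; it does not by itself distinguish a server misconfiguration from an impersonation attempt, which is why the browser message lists both.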