Tabnabbing Vulnerability Test

How to Use

  1. From the target website, create a link pointing to https://tools.tigabelassec.my.id/tabnabbing/tabnabbing.html with target="_blank" attribute.
  2. Click on the link. Observe whether the page that opened the link is replaced by this page.
  3. If it is replaced, the website is vulnerable to tabnabbing.
  4. Ensure that all external links use rel="noopener noreferrer" to prevent this vulnerability.

Example Vulnerable Link

This example shows a vulnerable link without proper security attributes: 

<a href="https://tools.tigabelassec.my.id/tabnabbing/tabnabbing.html" target="_blank">Test Tabnabbing</a>

Example Safe Link

This example shows a safe link using rel="noopener noreferrer": 

<a href="https://tools.tigabelassec.my.id/tabnabbing/tabnabbing.html" target="_blank" rel="noopener noreferrer">Test Tabnabbing</a>