Week 20 - Google Phishing Page
Last updated
Last updated
This week’s web hacking post goes out to my fellow emulated criminals interested in phishing for Google credentials: I created a GitHub repo that allows you to quickly spin up a fake two-part Google login, link is in the comments. All you need is a web server that supports PHP and 4 simple commands.
https://github.com/jakedmurphy1/GooglePhishing
You can customize the username page to contain whatever domain you’d like (just edit the JavaScript on line 21 of index.html) and have it up-and-running in just a few minutes.
Extra Tip: You can watch the creds.txt file live as passwords start coming in, just run the following command on your server:
tail -f /opt/GooglePhishing/creds.txt | while read line; do echo $line; sleep 3; done
This command will display the contents of the creds.txt file, updating every 3 seconds. If you like bash/linux tips follow my friend and colleague James Stahl for his weekly series.