Week 20 - Google Phishing Page

Two-Part Google Phishing Page

This week’s web hacking post goes out to my fellow emulated criminals interested in phishing for Google credentials: I created a GitHub repo that allows you to quickly spin up a fake two-part Google login, link is in the comments. All you need is a web server that supports PHP and 4 simple commands.

https://github.com/jakedmurphy1/GooglePhishing You can customize the username page to contain whatever domain you’d like (just edit the JavaScript on line 21 of index.html) and have it up-and-running in just a few minutes. Extra Tip: You can watch the creds.txt file live as passwords start coming in, just run the following command on your server: tail -f /opt/GooglePhishing/creds.txt | while read line; do echo $line; sleep 3; done This command will display the contents of the creds.txt file, updating every 3 seconds. If you like bash/linux tips follow my friend and colleague James Stahl for his weekly series.