HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Progressive Web App (PWA) Phishing

dEEpEst

dEEpEst

☣☣ In The Depths ☣☣
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Mar 29, 2018
Messages
13,861
Solutions
4
Reputation
32
Reaction score
45,552
Points
1,813
Credits
55,350
‎7 Years of Service‎
 
56%
demo.gif


Progressive Web App (PWA) Phishing

Attack Scenario

A user lands on index.html and clicks the "Install Microsoft Application" button. The install app prompt appears and once it is installed by the user, the JavaScript embedded in index.html redirects the PWA window to the phishing page that hase a fake URL bar at the top (i.e. mrd0x.html). Ensure that you're testing this over HTTPS to avoid encountering issues.

Files

  • index.html - Landing page that has an "Install Microsoft Application" button.
  • manifset.json - The PWA manifest file.
  • service-worker.js - The PWA service worker.
  • mrd0x.html - This is a sample Microsoft phishing page that has a fake URL bar at the top of the page.
  • styles.css - CSS stylesheet.
  • submit.php - Simple PHP file that logs the credentials entered on the Microsoft phishing page.



Usage

This repository is simply to demonstrate how PWA phishing works. Don't use it for illegal purposes.

A PWA Phishing template which was explained here:
To see this hidden content, you must like this content.
Download 

To see this hidden content, you must like this content.
 
dEEpEst said:
demo.gif


Progressive Web App (PWA) Phishing

Attack Scenario

A user lands on index.html and clicks the "Install Microsoft Application" button. The install app prompt appears and once it is installed by the user, the JavaScript embedded in index.html redirects the PWA window to the phishing page that hase a fake URL bar at the top (i.e. mrd0x.html). Ensure that you're testing this over HTTPS to avoid encountering issues.

Files

  • index.html - Landing page that has an "Install Microsoft Application" button.

  • manifset.json - The PWA manifest file.

  • service-worker.js - The PWA service worker.

  • mrd0x.html - This is a sample Microsoft phishing page that has a fake URL bar at the top of the page.

  • styles.css - CSS stylesheet.

  • submit.php - Simple PHP file that logs the credentials entered on the Microsoft phishing page.



Usage

This repository is simply to demonstrate how PWA phishing works. Don't use it for illegal purposes.

A PWA Phishing template which was explained here: [Hidden content]

Download

[Hidden content]
Click to expand...
dEEpEstI can't like it for some reason, but I wanted to see it so much
 
You must log in or register to reply here.
Back
Top