Hmmcookies – Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)

Grab cookies from Firefox, Chrome, Opera using a shortcut file (bypass UAC)Legal disclaimer:Usage of HMMCOOKIES for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this programRead More

EvilApp – Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)

Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions.Legal disclaimer:Usage of EvilApp for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibilityRead More

Self-XSS – Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code

Self-XSS attack using bit.ly to grab cookies tricking users into running malicious code How it works?Self-XSS is a social engineering attack used to gain control of victims’ web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attackRead More

Lockphish – A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer:Usage of Lockphish for attacking targets without prior mutualRead More

Saycheese – Grab Target’S Webcam Shots By Link

Take webcam shots from target just sending a malicious link.How it works?The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia. The MediaDevices.getUserMedia() method prompts the user for permission to use a media input which produces a MediaStream with tracks containing theRead More

Clipboardme – Grab And Inject Clipboard Content By Link

Grab/Inject Clipboard Content Browsers are implementing a new JavaScript API for asynchronous clipboard access to integrate copy and paste into web applications. It is a replacement for the synchronous execCommand-based copy & paste. Async Clipboard requests doesn’t block the page while waiting the process, it’s a improvement over sync requests as well as simplifying eventsRead More

X