
linkbait's People

Contributors

amijesse

linkbait's Issues

Simple but useful feature

Hey! Thanks for the project. I've added a simple but useful feature on my end:
submitResult('url', window.location.href);
This logs the URL that was accessed. It can be useful when you need to sift through multiple logs looking for a specific one that clicked on a custom URL.

Script relies on external scrapes for information gathering, potential information leak vector.

logger.php makes external ajax calls for scraping purposes to the following URLs:
https://ipv6.hastysec.dev on Line 234 of logger.php
https://mtu.hastysec.dev on Line 257 of logger.php

These can be disabled in the code but should be recognised as an external call which may trigger some cross site scripting detection as well as leaking additional information about the target to the responding external service.
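An added example, not part of the original issue or the project's code: one way to audit a script for hard-coded third-party endpoints like the two named above, reporting each external host with the lines that reference it. The `SAMPLE` source, the `findExternalHosts` helper and the jQuery-style calls are constructed assumptions; only the two hastysec.dev hosts and `submitResult` come from the page.

```javascript
// Constructed sample standing in for a script under review (not the real logger.php).
const SAMPLE = [
  '<?php $log = "log.txt"; ?>',
  '<script>',
  'submitResult("url", window.location.href);',
  '$.get("https://ipv6.hastysec.dev", function (d) { submitResult("ipv6", d); });',
  '// see https://example.org/docs for background',
  '$.get("https://mtu.hastysec.dev", function (d) { submitResult("mtu", d); });',
  'var img = "//cdn.example.net/pixel.gif";',
  '$.post("/logger.php", data);',
  '</script>',
].join('\n');

// Absolute (http/https) and protocol-relative (//host/...) URL literals.
const URL_RE = /(?:https?:)?\/\/[a-z0-9.-]+\.[a-z]{2,}(?::\d+)?[^\s"'<>)]*/gi;

// Returns [{ host, lines }] for every host not in allowedHosts, in order of
// first appearance. Line numbers are 1-based. URLs inside comments are
// reported too: the reviewer decides whether they are actually requested.
function findExternalHosts(source, allowedHosts = []) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const byHost = new Map();
  source.split(/\r?\n/).forEach((text, idx) => {
    for (const match of text.matchAll(URL_RE)) {
      const raw = match[0];
      let host;
      try {
        // Give protocol-relative URLs a scheme so the URL parser accepts them.
        host = new URL(raw.startsWith('//') ? 'https:' + raw : raw)
          .hostname.toLowerCase();
      } catch {
        continue; // not a parseable URL, skip it
      }
      if (allowed.has(host)) continue;
      if (!byHost.has(host)) byHost.set(host, []);
      byHost.get(host).push(idx + 1);
    }
  });
  return [...byHost].map(([host, lines]) => ({ host, lines }));
}

// Treat example.org as reviewed; everything else is reported.
console.log(findExternalHosts(SAMPLE, ['example.org']));
```

Every host in the output is a party that learns the visitor's IP address and request headers when the page loads, so each one should be either removed, self-hosted or documented.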

Is this still working?

Is this version still working? I get a completely different output compared to the one on inteltechniques. Maybe I have to do some configuration I'm not aware of or there's something with my server preventing it going further:

What I'm getting:

174.104.xx.xx -- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
http://mydomain.xyz/
url: http://mydomain.xyz/?i=1
touch: false
gpu: ANGLE (NVIDIA GeForce GTX 1660 Ti Direct3D11 vs_5_0 ps_5_0)
browserVersion: 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
renderer: Gecko
platform: Win32
Screen Width: 1920
Screen Height: 1080

This is what I get from inteltechniques hosted version

Touch not enabled, probably desktop


GPU: ANGLE (NVIDIA GeForce GTX 1660 Ti Direct3D11 vs_5_0 ps_5_0)

Browser code name: Mozilla

Browser app version: 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36

Browser product: Gecko

Browser platform: Win32

Screen Y: 1080

Screen X: 1920

Found webcam

Found mic

Unable to get IPV6error

Discord: Running

61 fonts: Arial,Arial Black,Arial Narrow,Bahnschrift,Calibri,Cambria,Cambria Math,Candara,Comic Sans MS,Consolas,Constantia,Corbel,Courier,Courier New,Ebrima,Franklin Gothic Medium,Gabriola,Gadugi,Georgia,HoloLens MDL2 Assets,Impact,Ink Free,Javanese Text,Leelawadee UI,Lucida Console,Lucida Sans Unicode,MS Gothic,MV Boli,Malgun Gothic,Marlett,Microsoft Himalaya,Microsoft JhengHei,Microsoft New Tai Lue,Microsoft PhagsPa,Microsoft Sans Serif,Microsoft Tai Le,Microsoft YaHei,Microsoft Yi Baiti,MingLiU-ExtB,Mongolian Baiti,Myanmar Text,Nirmala UI,Palatino Linotype,Segoe MDL2 Assets,Segoe Print,Segoe Script,Segoe UI,Segoe UI Emoji,Segoe UI Historic,Segoe UI Symbol,SimSun,Sylfaen,Symbol,Tahoma,Times,Times New Roman,Trebuchet MS,Verdana,Webdings,Wingdings,Yu Gothic

Logged in websites: Facebook, Google Services, Hotmail

Loaded extensions (chrome only): Lastpass, Chrome Media Router

System Time: 2021-3-11 0:26:21

System language: en-US


First seen = 2021/03/11 03:32:11
Last update = 2021/03/11 05:26:22
Total flows = 2
Detected OS = Windows NT kernel [generic]
HTTP software = ???
MTU = 1448
Network link = ???
Language = ???
Distance = 15
MTU not 1500, VPN probable.
{REDACTED BY ME} //includes ISP and IP info and general geolocation

Also on a side note grabify.link is able to get device model. Any idea how to get that? Is it possible to get the device's given name? Sometimes people name their machines after themselves.

IPv6 check server might be down?

I may just be misunderstanding how this works, but when trying to figure out this http request the script makes to the ipv6 check server ( https://ipv6.hastysec.dev/ ), it doesn't send a response saying it's not able to reach the network. Is this something that would only be reachable if ipv6 is enabled maybe?

Is this backend code something you're able to add to the codebase as well as the reply to the mtu service?

logging does not work when link modified

hi,

this works great, thank you. when using the logger.php file, it creates the txt-report as it should. but when I navigate to something like logger.php/random/check2-newyork-broadway, it shows the "The requested page has been removed"-page as it should, but creates no log. what should I do?

thank you for all the great work!

all the best –
bs

Logged in accounts

The only one that seems to work for me is Google Services.

When logged in to google/gmail, the script always returns Google Services. However for the other ones I am getting CORB errors like this. The error is the same whether or not I am logged in to that service.

_8Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type text/html. See for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://twitter.com/login?redirect_after_login=/favicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.instagram.com/accounts/login/?next=%2Ffavicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://login.yahoo.com/?.src=ym&.partner=none&.lang=en-CA&.intl=ca&.done=https%3A%2F%2Fmail.yahoo.com%2Ffavicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.paypal.com/signin?returnUri=favicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Ffavicon.ico&pageId=webcs-yourorder&showRmrMe=1?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.match.com/login?to=/favicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1681764428&rver=7.5.2116.0&wp=MBI_SSL&wreply=https:%2F%2Fstorage.live.com%2Fstorageservice%2Fpassport%2Fauth.aspx%3Fsru%3Dhttps:%252f%252fstorage.live.com%252fmydata%252fmyprofile%252fexpressionprofile%252fprofilephoto:UserTileStatic%252cUserTileSmall%252fMeControlMediumUserTile&lc=1033&id=63539 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Not sure if this is just me? This is the error from my Chrome console, running just the example.html

Encode the php??

Let me apologise foremost! I am still learning! Is there a way to encode or obfuscate the PHP script so someone inspecting my page can't see/easily decipher the source code itself?

I attempted using a free encoder but the script doesn't seem to work when I try using the obfuscated version. Any thoughts?
