amijesse / linkbait Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
As of the 5/29/20, the Discord detection no longer functions correctly.
Hey! Thanks for the project. I've added a simple but useful feature on my end:
submitResult('url', window.location.href);
This logs the URL that was accessed. It can be useful when you need to sift through multiple logs looking for a specific one that clicked on a custom URL.
logger.php makes external ajax calls for scraping purposes to the following URL's
https://ipv6.hastysec.dev on Line 234 of logger.php
https://mtu.hastysec.dev on Line 257 of logger.php
These can be disabled in the code but should be recognised as an external call which may trigger some cross site scripting detection as well as leaking additional information about the target to the responding external service.
Is this version still working? I get a completely different output compared to the one on inteltechniques. Maybe I have to do some configuration I'm not aware of or there's something with my sever preventing it going further:
What I'm getting:
174.104.xx.xx -- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
http://mydomain.xyz/
url: http://mydomain.xyz/?i=1
touch: false
gpu: ANGLE (NVIDIA GeForce GTX 1660 Ti Direct3D11 vs_5_0 ps_5_0)
browserVersion: 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
renderer: Gecko
platform: Win32
Screen Width: 1920
Screen Height: 1080
This is what I get from inteltechniques hosted version
Touch not enabled, probably desktop
GPU: ANGLE (NVIDIA GeForce GTX 1660 Ti Direct3D11 vs_5_0 ps_5_0)
Browser code name: Mozilla
Browser app version: 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Browser product: Gecko
Browser platform: Win32
Screen Y: 1080
Screen X: 1920
Found webcam
Found mic
Unable to get IPV6error
Discord: Running
61 fonts: Arial,Arial Black,Arial Narrow,Bahnschrift,Calibri,Cambria,Cambria Math,Candara,Comic Sans MS,Consolas,Constantia,Corbel,Courier,Courier New,Ebrima,Franklin Gothic Medium,Gabriola,Gadugi,Georgia,HoloLens MDL2 Assets,Impact,Ink Free,Javanese Text,Leelawadee UI,Lucida Console,Lucida Sans Unicode,MS Gothic,MV Boli,Malgun Gothic,Marlett,Microsoft Himalaya,Microsoft JhengHei,Microsoft New Tai Lue,Microsoft PhagsPa,Microsoft Sans Serif,Microsoft Tai Le,Microsoft YaHei,Microsoft Yi Baiti,MingLiU-ExtB,Mongolian Baiti,Myanmar Text,Nirmala UI,Palatino Linotype,Segoe MDL2 Assets,Segoe Print,Segoe Script,Segoe UI,Segoe UI Emoji,Segoe UI Historic,Segoe UI Symbol,SimSun,Sylfaen,Symbol,Tahoma,Times,Times New Roman,Trebuchet MS,Verdana,Webdings,Wingdings,Yu Gothic
Logged in websites: Facebook, Google Services, Hotmail
Loaded extensions (chrome only): Lastpass, Chrome Media Router
System Time: 2021-3-11 0:26:21
System language: en-US
First seen = 2021/03/11 03:32:11
Last update = 2021/03/11 05:26:22
Total flows = 2
Detected OS = Windows NT kernel [generic]
HTTP software = ???
MTU = 1448
Network link = ???
Language = ???
Distance = 15
MTU not 1500, VPN probable.
{REDACTED BY ME} //includes ISP and IP info and general geolocation
Also on a side note grabify.link is able to get device model. Any idea how to get that? Is it possible to get the device's given name? Sometimes people name their machines after themselves.
I may just be misunderstanding how this works, but when trying to figure out this http request the script makes to the ipv6 check server ( https://ipv6.hastysec.dev/ ), it doesn't send a response saying it's not able to reach the network. Is this something that would only be reachable if ipv6 is enabled maybe?
Is this backend code something you're able to add to the codebase as well as the reply to the mtu service?
hi,
this works great, thank you. when using the logger.php file, it creates the txt-report as it should. but when I navigate to something like logger.php/random/check2-newyork-broadway, it shows the "The requested page has been removed"-page as it should, but creates no log. what should I do?
thank you for all the great work!
all the best โ
bs
The only one that seems to work for me is Google Services.
When logged in to google/gmail, the script always returns Google Services. However for the other ones I am getting CORB errors like this. The error is the same whether or not I am logged in to that service.
_8Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type text/html. See for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://twitter.com/login?redirect_after_login=/favicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.instagram.com/accounts/login/?next=%2Ffavicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://login.yahoo.com/?.src=ym&.partner=none&.lang=en-CA&.intl=ca&.done=https%3A%2F%2Fmail.yahoo.com%2Ffavicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.paypal.com/signin?returnUri=favicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Ffavicon.ico&pageId=webcs-yourorder&showRmrMe=1?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.match.com/login?to=/favicon.ico?&1681764428845 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1681764428&rver=7.5.2116.0&wp=MBI_SSL&wreply=https:%2F%2Fstorage.live.com%2Fstorageservice%2Fpassport%2Fauth.aspx%3Fsru%3Dhttps:%252f%252fstorage.live.com%252fmydata%252fmyprofile%252fexpressionprofile%252fprofilephoto:UserTileStatic%252cUserTileSmall%252fMeControlMediumUserTile&lc=1033&id=63539 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
Not sure if this is just me? This is the error from my Chrome console, running just the example.html
Let me apoligise foremost! I am still learning! Is there a way to encode or obfuscate the PHP script so someone inspecting my page can't see/easily decipher the source code itself?
I attempted using a free encoder but the script doesnt seem to work when I try using the obfuscated version. Any thoughts?
Line 194 in f051168
I'm using Chrome and it is logged as Mozilla
is there a workaround for getting the correct browser?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.