m41kl-n41tt / evilginx.botguard2 Goto Github PK

Remember the good ol' days when you could snag user credentials with a simple MITM phishing tool? When Google's anti-bot systems were more like a polite suggestion than a digital fortress? Yeah, those days are gone. Welcome to the wild world of JavaScript-fueled login paranoia.

But fear not, my fellow phishing enthusiasts! While we can't turn back the clock, we can shimmy our way back into Google's inner circle with... evilginx.botguard 2!

• Headless Browser Wrangling: We'll dance the delicate tango with headless browsers to coax out those precious, legitimate botguard tokens. It's like teaching an elephant to waltz; awkward, occasionally destructive, but strangely effective.
• Token Swapping Shenanigans: Think of it as the ultimate sleight of hand. We'll ditch those bogus tokens and slip in the real deal, all while whispering sweet nothings to Google's JavaScript overlords.
• Error Messages Galore: Get ready for a symphony of cryptic JavaScript errors! It's the soundtrack of our struggle, a testament to the absurdity of modern web security.
• AST Parsing Mischief: Buckle up for some tree-climbing adventures, folks! We're dissecting JavaScript code with the precision of a surgeon to pinpoint exactly where those pesky location calls try to hide.
• JavaScript Global Property Hijinks: We're going full-on Succession-style puppet masters with JavaScript's global properties (and with of course our Monkey Wrench). Think mind control for browser variables, bending them to our will and defying expectations.

• May induce spontaneous outbursts of laughter, existential despair, or a potent combination of both.
• Success rates are directly proportional to Google's ever-changing whims. It's like playing whack-a-mole with a constantly morphing mole.
• Not for the faint of heart or those allergic to convoluted JavaScript workarounds.

...Instructions on how to actually make this monstrosity work are pending.