Web share target API phishing PoC

root authored on 26 May
Examples readme tidy 4 months ago
README.md readme tidy 4 months ago
bank-192.png initial commit 4 months ago
bank-512.png initial commit 4 months ago
index.php initial commit 4 months ago
manifest.json initial commit 4 months ago
script.js initial commit 4 months ago
service-worker.js initial commit 4 months ago
style.css initial commit 4 months ago
README.md

WebSharePhishing

Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden).

This makes for a very effective phishing application when paired with a legitimate looking icon and landing page.

The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it:

desktop installation android installation

Once you have installed the icon will look:

desktop installed android home screen android app drawer

Finally once the application is launched this is how it looks:

running on android running on desktop