WebSharePhishing /
root on 26 May 1 KB readme tidy


Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden).

This makes for a very effective phishing application when paired with a legitimate looking icon and landing page.

The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it:

desktop installation android installation

Once you have installed the icon will look:

desktop installed android home screen android app drawer

Finally once the application is launched this is how it looks:

running on android running on desktop