diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png
new file mode 100755
index 0000000..db05649
--- /dev/null
+++ b/Examples/desktop_running.png
Binary files differ
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg Binary files differ diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png new file mode 100755 index 0000000..dec03df --- /dev/null +++ b/Examples/desktop_install.png Binary files differ diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png new file mode 100755 index 0000000..be33eb0 --- /dev/null +++ b/Examples/desktop_installed.png Binary files differ diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png new file mode 100755 index 0000000..db05649 --- /dev/null +++ b/Examples/desktop_running.png Binary files differ diff --git a/README.md b/README.md index 7d057da..a6d111f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) 
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png
new file mode 100755
index 0000000..db05649
--- /dev/null
+++ b/Examples/desktop_running.png
Binary files differ
diff --git a/README.md b/README.md
index 7d057da..a6d111f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) diff --git a/bank-192.png b/bank-192.png new file mode 100755 index 0000000..0767cf0 --- /dev/null +++ b/bank-192.png Binary files differ diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg new file mode 100755 index 0000000..62a4c63 --- /dev/null +++ b/Examples/android_app_drawer.jpg Binary files differ diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg new file mode 100755 index 0000000..9ed8f7b --- /dev/null +++ b/Examples/android_home.jpg Binary files differ diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg new file mode 100755 index 0000000..c5c7b2d --- /dev/null +++ b/Examples/android_install.jpg Binary files differ 
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png
new file mode 100755
index 0000000..db05649
--- /dev/null
+++ b/Examples/desktop_running.png
Binary files differ
diff --git a/README.md b/README.md
index 7d057da..a6d111f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) diff --git a/bank-192.png b/bank-192.png new file mode 100755 index 0000000..0767cf0 --- /dev/null +++ b/bank-192.png Binary files differ diff --git a/bank-512.png b/bank-512.png new file mode 100755 index 0000000..b6381a9 --- /dev/null +++ b/bank-512.png Binary files differ diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg new file mode 100755 index 0000000..62a4c63 --- /dev/null +++ b/Examples/android_app_drawer.jpg Binary files differ diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg new file mode 100755 index 0000000..9ed8f7b --- /dev/null +++ b/Examples/android_home.jpg Binary files differ 
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png
new file mode 100755
index 0000000..db05649
--- /dev/null
+++ b/Examples/desktop_running.png
Binary files differ
diff --git a/README.md b/README.md
index 7d057da..a6d111f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) diff --git a/bank-192.png b/bank-192.png new file mode 100755 index 0000000..0767cf0 --- /dev/null +++ b/bank-192.png Binary files differ diff --git a/bank-512.png b/bank-512.png new file mode 100755 index 0000000..b6381a9 --- /dev/null +++ b/bank-512.png Binary files differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..fb09d38 --- /dev/null +++ b/index.php @@ -0,0 +1,36 @@ + + + + ElBanko + + + + + + + + + +

+ Bank Demo +

+

+

+
+ + + +
+
+

+ + +
+ +
+ + + + diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg new file mode 100755 index 0000000..62a4c63 --- /dev/null +++ b/Examples/android_app_drawer.jpg Binary files differ diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg new file mode 100755 index 0000000..9ed8f7b --- /dev/null +++ b/Examples/android_home.jpg Binary files differ diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg new file mode 100755 index 0000000..c5c7b2d --- /dev/null +++ b/Examples/android_install.jpg Binary files differ diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg new file mode 100755 index 0000000..2dd015e --- /dev/null +++ b/Examples/android_running.jpg Binary files differ diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png new file mode 100755 index 0000000..dec03df --- /dev/null +++ b/Examples/desktop_install.png Binary files differ diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png new file mode 100755 index 0000000..be33eb0 --- /dev/null +++ b/Examples/desktop_installed.png Binary files differ diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png new file mode 100755 index 0000000..db05649 --- /dev/null +++ b/Examples/desktop_running.png Binary files differ diff --git a/README.md b/README.md index 7d057da..a6d111f 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) diff --git a/bank-192.png b/bank-192.png new file mode 100755 index 0000000..0767cf0 --- /dev/null +++ b/bank-192.png Binary files differ diff --git a/bank-512.png b/bank-512.png new file mode 100755 index 0000000..b6381a9 --- /dev/null +++ b/bank-512.png Binary files differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..fb09d38 --- /dev/null +++ b/index.php @@ -0,0 +1,36 @@ + + + + ElBanko + + + + + + + + + +

+ Bank Demo +

+

+

+
+ + + +
+
+

+ + +
+ +
+ + + +
diff --git a/manifest.json b/manifest.json
new file mode 100644
index 0000000..a2f69bb
--- /dev/null
+++ b/manifest.json
@@ -0,0 +1,26 @@
+{
+ "short_name": "Bank",
+ "name": "Banking Login",
+ "share_target": {
+ "action": "index.php",
+ "method":"GET"
+ },
+ "description": "Log in to bank",
+ "icons": [
+ {
+ "src": "https://rossmarks.uk/bank/bank-192.png",
+ "sizes": "192x192",
+ "type": "image/png"
+ },
+ {
+ "src": "https://rossmarks.uk/bank/bank-512.png",
+ "sizes": "512x512",
+ "type": "image/png"
+ }
+ ],
+ "start_url": "index.php",
+ "background_color": "#c6f2f7",
+ "display": "standalone",
+ "scope": "/bank/",
+ "theme_color": "#14168c"
+}
\ No newline at end of file
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png
new file mode 100755
index 0000000..db05649
--- /dev/null
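Review bot: Nothing in manifest.json or in the README text added by this commit says which manifest members produce the behaviour being demonstrated, and JSON cannot carry comments, so the explanation belongs in the README. A sentence such as `"display": "standalone" is what removes the browser URL bar, so the installed window shows no origin; name, short_name and icons are entirely site-controlled` would tell a reader what to inspect when assessing an installed web app. The `share_target` member has `action` and `method` but no `params`, so browsers that follow the Web Share Target specification will probably ignore it; since the README describes only the install flow, consider dropping the member or stating that it is unused. The same manifest.json hunk is printed twice more further down the page.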
+++ b/Examples/desktop_running.png Binary files differ diff --git a/README.md b/README.md index 7d057da..a6d111f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) diff --git a/bank-192.png b/bank-192.png new file mode 100755 index 0000000..0767cf0 --- /dev/null +++ b/bank-192.png Binary files differ diff --git a/bank-512.png b/bank-512.png new file mode 100755 index 0000000..b6381a9 --- /dev/null +++ b/bank-512.png Binary files differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..fb09d38 --- /dev/null +++ b/index.php @@ -0,0 +1,36 @@ + + + + ElBanko + + + + + + + + + +

+ Bank Demo +

+

+

+
+ + + +
+
+

+ + +
+ +
+ + + +
diff --git a/manifest.json b/manifest.json
new file mode 100644
index 0000000..a2f69bb
--- /dev/null
+++ b/manifest.json
@@ -0,0 +1,26 @@
+{
+ "short_name": "Bank",
+ "name": "Banking Login",
+ "share_target": {
+ "action": "index.php",
+ "method":"GET"
+ },
+ "description": "Log in to bank",
+ "icons": [
+ {
+ "src": "https://rossmarks.uk/bank/bank-192.png",
+ "sizes": "192x192",
+ "type": "image/png"
+ },
+ {
+ "src": "https://rossmarks.uk/bank/bank-512.png",
+ "sizes": "512x512",
+ "type": "image/png"
+ }
+ ],
+ "start_url": "index.php",
+ "background_color": "#c6f2f7",
+ "display": "standalone",
+ "scope": "/bank/",
+ "theme_color": "#14168c"
+}
\ No newline at end of file
diff --git a/script.js b/script.js
new file mode 100644
index 0000000..43b95c7
--- /dev/null
+++ b/script.js
@@ -0,0 +1,54 @@
+const divResult = document.getElementById('result');
+const divInstall = document.getElementById('installContainer');
+const butInstall = document.getElementById('butInstall');
+
+window.addEventListener('beforeinstallprompt', (event) => {
+ console.log('👍', 'beforeinstallprompt', event);
+ // Stash the event so it can be triggered later.
+ window.deferredPrompt = event;
+ // Remove the 'hidden' class from the install button container
+ butInstall.removeAttribute('disabled');
+});
+
+butInstall.addEventListener('click', () => {
+ console.log('👍', 'butInstall-clicked');
+ const promptEvent = window.deferredPrompt
+ if (!promptEvent) {
+ // The deferred prompt isn't available.
+ return;
+ }
+ // Show the install prompt.
+ promptEvent.prompt();
+ // Log the result
+ promptEvent.userChoice.then((result) => {
+ console.log('👍', 'userChoice', result);
+ // Reset the deferred prompt variable, since
+ // prompt() can only be called once.
+ window.deferredPrompt = null;
+ // Hide the install button.
+ butInstall.setAttribute('disabled', true);
+ });
+});
+
+window.addEventListener('appinstalled', (event) => {
+ console.log('👍', 'appinstalled', event);
+});
+
+/* Only register a service worker if it's supported */
+if ('serviceWorker' in navigator) {
+ console.log('👍', 'navigator.serviceWorker is supported');
+ navigator.serviceWorker.register('https://rossmarks.uk/bank/service-worker.js');
+}
+
+/**
+ * Warn the page must be served over HTTPS
+ * The `beforeinstallprompt` event won't fire if the page is served over HTTP.
+ * Installability requires a service worker with a fetch event handler, and
+ * if the page isn't served over HTTPS, the service worker won't load.
+ */
+if (window.location.protocol === 'http:') {
+ const requireHTTPS = document.getElementById('requireHTTPS');
+ const link = requireHTTPS.querySelector('a');
+ link.href = window.location.href.replace('http://', 'https://');
+ requireHTTPS.classList.remove('hidden');
+}
\ No newline at end of file
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png
new file mode 100755
index 0000000..db05649
--- /dev/null
+++ b/Examples/desktop_running.png
Binary files differ
diff --git a/README.md b/README.md
index 7d057da..a6d111f 100644
--- a/README.md
+++ b/README.md
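Review bot: The promise returned by `navigator.serviceWorker.register(...)` in script.js is left floating, and because the worker URL is the absolute `https://rossmarks.uk/bank/service-worker.js`, registration is rejected on any other origin (a service worker script must be same-origin with the page) with nothing reported. Attach a handler such as `.catch((err) => console.error('service worker registration failed', err));` so the failure is visible. In the `http:` block, `document.getElementById('requireHTTPS')` is dereferenced without a null check; the index.php markup is not readable on this page, so confirm that element exists. The comments "Remove the 'hidden' class from the install button container" and "Hide the install button" do not match the code, which only toggles the `disabled` attribute, and `divResult` and `divInstall` are never used. The same script.js hunk is printed a second time further down the page.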
@@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) diff --git a/bank-192.png b/bank-192.png new file mode 100755 index 0000000..0767cf0 --- /dev/null +++ b/bank-192.png Binary files differ diff --git a/bank-512.png b/bank-512.png new file mode 100755 index 0000000..b6381a9 --- /dev/null +++ b/bank-512.png Binary files differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..fb09d38 --- /dev/null +++ b/index.php @@ -0,0 +1,36 @@ + + + + ElBanko + + + + + + + + + +

+ Bank Demo +

+

+

+
+ + + +
+
+

+ + +
+ +
+ + + + diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..a2f69bb --- /dev/null +++ b/manifest.json @@ -0,0 +1,26 @@ +{ + "short_name": "Bank", + "name": "Banking Login", + "share_target": { + "action": "index.php", + "method":"GET" + }, + "description": "Log in to bank", + "icons": [ + { + "src": "https://rossmarks.uk/bank/bank-192.png", + "sizes": "192x192", + "type": "image/png" + }, + { + "src": "https://rossmarks.uk/bank/bank-512.png", + "sizes": "512x512", + "type": "image/png" + } + ], + "start_url": "index.php", + "background_color": "#c6f2f7", + "display": "standalone", + "scope": "/bank/", + "theme_color": "#14168c" +} \ No newline at end of file diff --git a/script.js b/script.js new file mode 100644 index 0000000..43b95c7 --- /dev/null +++ b/script.js 
@@ -0,0 +1,54 @@
+const divResult = document.getElementById('result');
+const divInstall = document.getElementById('installContainer');
+const butInstall = document.getElementById('butInstall');
+
+window.addEventListener('beforeinstallprompt', (event) => {
+ console.log('👍', 'beforeinstallprompt', event);
+ // Stash the event so it can be triggered later.
+ window.deferredPrompt = event;
+ // Remove the 'hidden' class from the install button container
+ butInstall.removeAttribute('disabled');
+});
+
+butInstall.addEventListener('click', () => {
+ console.log('👍', 'butInstall-clicked');
+ const promptEvent = window.deferredPrompt
+ if (!promptEvent) {
+ // The deferred prompt isn't available.
+ return;
+ }
+ // Show the install prompt.
+ promptEvent.prompt();
+ // Log the result
+ promptEvent.userChoice.then((result) => {
+ console.log('👍', 'userChoice', result);
+ // Reset the deferred prompt variable, since
+ // prompt() can only be called once.
+ window.deferredPrompt = null;
+ // Hide the install button.
+ butInstall.setAttribute('disabled', true);
+ });
+});
+
+window.addEventListener('appinstalled', (event) => {
+ console.log('👍', 'appinstalled', event);
+});
+
+/* Only register a service worker if it's supported */
+if ('serviceWorker' in navigator) {
+ console.log('👍', 'navigator.serviceWorker is supported');
+ navigator.serviceWorker.register('https://rossmarks.uk/bank/service-worker.js');
+}
+
+/**
+ * Warn the page must be served over HTTPS
+ * The `beforeinstallprompt` event won't fire if the page is served over HTTP.
+ * Installability requires a service worker with a fetch event handler, and
+ * if the page isn't served over HTTPS, the service worker won't load.
+ */
+if (window.location.protocol === 'http:') {
+ const requireHTTPS = document.getElementById('requireHTTPS');
+ const link = requireHTTPS.querySelector('a');
+ link.href = window.location.href.replace('http://', 'https://');
+ requireHTTPS.classList.remove('hidden');
+}
\ No newline at end of file
diff --git a/service-worker.js b/service-worker.js
new file mode 100644
index 0000000..476474c
--- /dev/null
+++ b/service-worker.js
@@ -0,0 +1,16 @@
+self.addEventListener('install', (event) => {
+ console.log('👷', 'install', event);
+ self.skipWaiting();
+});
+
+self.addEventListener('activate', (event) => {
+ console.log('👷', 'activate', event);
+ return self.clients.claim();
+});
+
+
+self.addEventListener('fetch', function(event) {
+ // console.log('👷', 'fetch', event);
+ event.respondWith(fetch(event.request));
+});
+
diff --git a/Examples/android_app_drawer.jpg b/Examples/android_app_drawer.jpg
new file mode 100755
index 0000000..62a4c63
--- /dev/null
+++ b/Examples/android_app_drawer.jpg
Binary files differ
diff --git a/Examples/android_home.jpg b/Examples/android_home.jpg
new file mode 100755
index 0000000..9ed8f7b
--- /dev/null
+++ b/Examples/android_home.jpg
Binary files differ
diff --git a/Examples/android_install.jpg b/Examples/android_install.jpg
new file mode 100755
index 0000000..c5c7b2d
--- /dev/null
+++ b/Examples/android_install.jpg
Binary files differ
diff --git a/Examples/android_running.jpg b/Examples/android_running.jpg
new file mode 100755
index 0000000..2dd015e
--- /dev/null
+++ b/Examples/android_running.jpg
Binary files differ
diff --git a/Examples/desktop_install.png b/Examples/desktop_install.png
new file mode 100755
index 0000000..dec03df
--- /dev/null
+++ b/Examples/desktop_install.png
Binary files differ
diff --git a/Examples/desktop_installed.png b/Examples/desktop_installed.png
new file mode 100755
index 0000000..be33eb0
--- /dev/null
+++ b/Examples/desktop_installed.png
Binary files differ
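Review bot: Two comments in the script.js hunk do not match the statements under them: `// Remove the 'hidden' class from the install button container` sits above `butInstall.removeAttribute('disabled')`, and `// Hide the install button.` sits above `butInstall.setAttribute('disabled', true)`; `divResult` and `divInstall` are also assigned but never read in this file (the hunk is repeated further down this page). I would reword the comments to `// Enable the install button` and `// Disable the install button again` and drop the two unused constants. Separately, the promise returned by `navigator.serviceWorker.register(...)` is never handled, so a failed registration is invisible; appending `.catch((err) => console.error('service worker registration failed', err))` would surface it. The final block dereferences `requireHTTPS` without a null check, and the index.php markup is not readable on this page, so whether that element exists is unverified.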
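Review bot: In the `activate` handler of service-worker.js, `return self.clients.claim();` does not do what it appears to: the return value of an event listener is discarded, so nothing extends the activate event until the claim settles, and the usual form is `event.waitUntil(self.clients.claim());`. The `fetch` handler forwards `event.request` straight to the network with no cache and no error branch, which matches the script.js comment that a fetch handler is present to satisfy installability. A one-line comment such as `// pass-through only: present to meet the install criteria, no caching` would make that explicit for anyone reading the worker on its own. The same hunk is repeated further down this page.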
diff --git a/Examples/desktop_running.png b/Examples/desktop_running.png new file mode 100755 index 0000000..db05649 --- /dev/null +++ b/Examples/desktop_running.png Binary files differ diff --git a/README.md b/README.md index 7d057da..a6d111f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,22 @@ WebSharePhishing =============== -Web share target API phishing PoC \ No newline at end of file +Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden). + +This makes for a very effective phishing application when paired with a legitimate looking icon and landing page. + +The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it: + +![desktop installation](Examples/desktop_install.png) +![android installation](Examples/android_install.png) + +Once you have installed the icon will look: + +![desktop installed](Examples/desktop_installed.png) +![android home screen](Examples/android_home.png) +![android app drawer](Examples/android_app_drawer.png) + +Finally once the application is launched this is how it looks: + +![running on android](Examples/android_running.png) +![running on desktop](Examples/desktop_running.png) diff --git a/bank-192.png b/bank-192.png new file mode 100755 index 0000000..0767cf0 --- /dev/null +++ b/bank-192.png Binary files differ diff --git a/bank-512.png b/bank-512.png new file mode 100755 index 0000000..b6381a9 --- /dev/null +++ b/bank-512.png Binary files differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..fb09d38 --- /dev/null +++ b/index.php @@ -0,0 +1,36 @@ + + + + ElBanko + + + + + + + + + +

+ Bank Demo +

+

+

+
+ + + +
+
+

+ + +
+ +
+ + + + diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..a2f69bb --- /dev/null +++ b/manifest.json @@ -0,0 +1,26 @@ +{ + "short_name": "Bank", + "name": "Banking Login", + "share_target": { + "action": "index.php", + "method":"GET" + }, + "description": "Log in to bank", + "icons": [ + { + "src": "https://rossmarks.uk/bank/bank-192.png", + "sizes": "192x192", + "type": "image/png" + }, + { + "src": "https://rossmarks.uk/bank/bank-512.png", + "sizes": "512x512", + "type": "image/png" + } + ], + "start_url": "index.php", + "background_color": "#c6f2f7", + "display": "standalone", + "scope": "/bank/", + "theme_color": "#14168c" +} \ No newline at end of file diff --git a/script.js b/script.js new file mode 100644 index 0000000..43b95c7 --- /dev/null +++ b/script.js 
@@ -0,0 +1,54 @@
+const divResult = document.getElementById('result');
+const divInstall = document.getElementById('installContainer');
+const butInstall = document.getElementById('butInstall');
+
+window.addEventListener('beforeinstallprompt', (event) => {
+ console.log('👍', 'beforeinstallprompt', event);
+ // Stash the event so it can be triggered later.
+ window.deferredPrompt = event;
+ // Remove the 'hidden' class from the install button container
+ butInstall.removeAttribute('disabled');
+});
+
+butInstall.addEventListener('click', () => {
+ console.log('👍', 'butInstall-clicked');
+ const promptEvent = window.deferredPrompt
+ if (!promptEvent) {
+ // The deferred prompt isn't available.
+ return;
+ }
+ // Show the install prompt.
+ promptEvent.prompt();
+ // Log the result
+ promptEvent.userChoice.then((result) => {
+ console.log('👍', 'userChoice', result);
+ // Reset the deferred prompt variable, since
+ // prompt() can only be called once.
+ window.deferredPrompt = null;
+ // Hide the install button.
+ butInstall.setAttribute('disabled', true);
+ });
+});
+
+window.addEventListener('appinstalled', (event) => {
+ console.log('👍', 'appinstalled', event);
+});
+
+/* Only register a service worker if it's supported */
+if ('serviceWorker' in navigator) {
+ console.log('👍', 'navigator.serviceWorker is supported');
+ navigator.serviceWorker.register('https://rossmarks.uk/bank/service-worker.js');
+}
+
+/**
+ * Warn the page must be served over HTTPS
+ * The `beforeinstallprompt` event won't fire if the page is served over HTTP.
+ * Installability requires a service worker with a fetch event handler, and
+ * if the page isn't served over HTTPS, the service worker won't load.
+ */
+if (window.location.protocol === 'http:') {
+ const requireHTTPS = document.getElementById('requireHTTPS');
+ const link = requireHTTPS.querySelector('a');
+ link.href = window.location.href.replace('http://', 'https://');
+ requireHTTPS.classList.remove('hidden');
+}
\ No newline at end of file
diff --git a/service-worker.js b/service-worker.js
new file mode 100644
index 0000000..476474c
--- /dev/null
+++ b/service-worker.js
@@ -0,0 +1,16 @@
+self.addEventListener('install', (event) => {
+ console.log('👷', 'install', event);
+ self.skipWaiting();
+});
+
+self.addEventListener('activate', (event) => {
+ console.log('👷', 'activate', event);
+ return self.clients.claim();
+});
+
+
+self.addEventListener('fetch', function(event) {
+ // console.log('👷', 'fetch', event);
+ event.respondWith(fetch(event.request));
+});
+
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..56e0ff6
--- /dev/null
+++ b/style.css
@@ -0,0 +1,36 @@
+body {
+ background-color: #c6f2f7;
+ font-family: Helvetica, Arial, sans-serif;
+}
+
+h1 {
+ text-align: center;
+}
+
+.hidden {
+ display: none !important;
+}
+
+button[disabled] {
+ opacity: 0.5;
+ border: 1px solid rgba(20, 22, 140, 0.5) !important;
+}
+
+#installContainer {
+ position: absolute;
+ bottom: 1em;
+ display: flex;
+ justify-content: center;
+ width: 100%;
+}
+
+#installContainer button {
+ background-color: inherit;
+ border: 1px solid #14168c;
+ font-size: 1em;
+ padding: 0.75em;
+}
+
+#butInstall {
+ margin-left: 1em;
+}
\ No newline at end of file