Web share target API phishing PoC
Examples | 2 years ago | ||
README.md | 2 years ago | ||
bank-192.png | 2 years ago | ||
bank-512.png | 2 years ago | ||
index.php | 2 years ago | ||
manifest.json | 2 years ago | ||
script.js | 2 years ago | ||
service-worker.js | 2 years ago | ||
style.css | 2 years ago |
Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden).
This makes for a very effective phishing application when paired with a legitimate looking icon and landing page.
The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it:
Once you have installed the icon will look:
Finally once the application is launched this is how it looks: