Web share target API phishing PoC

root authored on 26 May 2022
Examples readme tidy 2 years ago
README.md readme tidy 2 years ago
bank-192.png initial commit 2 years ago
bank-512.png initial commit 2 years ago
index.php initial commit 2 years ago
manifest.json initial commit 2 years ago
script.js initial commit 2 years ago
service-worker.js initial commit 2 years ago
style.css initial commit 2 years ago
README.md

WebSharePhishing

Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden).

This makes for a very effective phishing application when paired with a legitimate looking icon and landing page.

The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it:

desktop installation android installation

Once you have installed the icon will look:

desktop installed android home screen android app drawer

Finally once the application is launched this is how it looks:

running on android running on desktop