[reflex]

I'll explain how clicking on a URL can lead to the theft of all your information stored on Instagram or in your browser. This attack is known as PES Cookie or cookie theft, and it can bypass 2FA. By simply clicking on a link, a user hands over all their account login credentials to the hacker. So, how is it done? The attacker first creates a specially designed website and places custom PHP code within it. JavaScript could be used, but PHP is preferred. Then, don't just send this site to anyone, as it won't work. To function, this site must be sent as a specially prepared URL; only then can you access the user's information. Now, let's take a step-by-step look at how PES Cookie attacks are carried out

git clone https://github.com/TheWation/PhpCookieStealer -y

cd PhpCookieStealer

After downloading the program, we need a server. For Linux, we can use Apache or MyServeer, and for Windows, XAMPP servers. Additionally, the server must have PHP installed for the code to run. For those who don't know, PHP is a server-side programming language, and it's essentially a powerful tool, just like C++ and Python

If you prefer, you can do as I did and directly open the Apache server and enter the path to the input.php file. Otherwise, follow the steps below

sudo apt install php

mkdir wep

cd wep

nano index.php

Copy the code from the input.php file into index.php

Ctrl+S

Ctrl+X

So, how do we start the server? Follow the steps below

Hidden Content

You must register or login to view this content.

There are two examples of how you can use this attack. First, the attacker fills the site with things that the target will like; a single click on the link is enough. Secondly, share it in a place where the target is, like a WhatsApp group. Let me give you an example: Let's say you're a student in high school and you know the person who runs the school's confession page. For those who don't know, confession pages are very common, especially in schools. Students send anonymous messages to the confession page with things they couldn't admit or say on their social media accounts, and the confession page shares the message anonymously. For example, insulting a teacher or confessing love for another student. Now that we know what a confession page is, let's get back to our topic. Let's say you teamed up with the person managing the school's confession page, and you want to capture all the conversations at school. First, make an announcement on the confession page: 'Announcement: To increase the anonymity of the messages we receive and to keep your information safe, we have set up an anonymous messaging system. You can make your confessions with complete anonymity through this link: https://AttackerSite.com.' Users will click on this link to make even more secretive confessions, and they will be met with a site where they can write their confessions. But in the background, the site will secretly access all their browser passwords, usernames, and cookies. When the user writes their confession and clicks send, the confession is emailed to us. We then share the confession on the confession page within 3 minutes. This way, we gained access to almost the entire school's Instagram, Twitter, Snapchat, and TikTok accounts. You can tweak this tactic to suit your needs

For those wondering how to take over all accounts with a single connection, let me explain this: the logic remains the same. Just add all the accounts you want to target to the attack scope and that's it

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Dishes out second hand retardation | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you wish to be unbanned in the future.

[joepa]

Good stuff! Just steal the session token and you don't need 2FA!!!

[reflex]

Good stuff! Just steal the session token and you don't need 2FA!!!

This tactic is much better than ordinary account hacking methods and also bypasses suspicious login detection.

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Dishes out second hand retardation | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you wish to be unbanned in the future.

[B6G-K1LLER]

I'll explain how clicking on a URL can lead to the theft of all your information stored on Instagram or in your browser. This attack is known as PES Cookie or cookie theft, and it can bypass 2FA. By simply clicking on a link, a user hands over all their account login credentials to the hacker. So, how is it done? The attacker first creates a specially designed website and places custom PHP code within it. JavaScript could be used, but PHP is preferred. Then, don't just send this site to anyone, as it won't work. To function, this site must be sent as a specially prepared URL; only then can you access the user's information. Now, let's take a step-by-step look at how PES Cookie attacks are carried out

git clone https://github.com/TheWation/PhpCookieStealer -y

cd PhpCookieStealer

After downloading the program, we need a server. For Linux, we can use Apache or MyServeer, and for Windows, XAMPP servers. Additionally, the server must have PHP installed for the code to run. For those who don't know, PHP is a server-side programming language, and it's essentially a powerful tool, just like C++ and Python

If you prefer, you can do as I did and directly open the Apache server and enter the path to the input.php file. Otherwise, follow the steps below

sudo apt install php

mkdir wep

cd wep

nano index.php

Copy the code from the input.php file into index.php

Ctrl+S

Ctrl+X

So, how do we start the server? Follow the steps below



There are two examples of how you can use this attack. First, the attacker fills the site with things that the target will like; a single click on the link is enough. Secondly, share it in a place where the target is, like a WhatsApp group. Let me give you an example: Let's say you're a student in high school and you know the person who runs the school's confession page. For those who don't know, confession pages are very common, especially in schools. Students send anonymous messages to the confession page with things they couldn't admit or say on their social media accounts, and the confession page shares the message anonymously. For example, insulting a teacher or confessing love for another student. Now that we know what a confession page is, let's get back to our topic. Let's say you teamed up with the person managing the school's confession page, and you want to capture all the conversations at school. First, make an announcement on the confession page: 'Announcement: To increase the anonymity of the messages we receive and to keep your information safe, we have set up an anonymous messaging system. You can make your confessions with complete anonymity through this link: https://AttackerSite.com.' Users will click on this link to make even more secretive confessions, and they will be met with a site where they can write their confessions. But in the background, the site will secretly access all their browser passwords, usernames, and cookies. When the user writes their confession and clicks send, the confession is emailed to us. We then share the confession on the confession page within 3 minutes. This way, we gained access to almost the entire school's Instagram, Twitter, Snapchat, and TikTok accounts. You can tweak this tactic to suit your needs

For those wondering how to take over all accounts with a single connection, let me explain this: the logic remains the same. Just add all the accounts you want to target to the attack scope and that's it

But what if we don't have any cookie and want to steal it? Just by link

[joepa]

Good stuff!! Also check https://github.com/kgretzky/evilginx2