BiZken / PhishMailer

Generate Professional Phishing Emails Fast And Easy
MIT License

Hi what about this idea? #1

Open minanagehsalalma opened 4 years ago

minanagehsalalma commented 4 years ago

You get the tool to send the target a recovery code using the site password recovery option with the entered mail ...

Then you send him a phishing mail asking him to enter the code he has just received into this link..

So we get the recovery code instead of the password.

Huh, what do you think?

BiZken commented 4 years ago

That would be pretty awesome, haven't thought of that before, it would make everything a lot easier. I will need to take a look at it and try to create something for that. Amazing Idea

minanagehsalalma commented 4 years ago

> Amazing Idea

@BiZken thanks mate, glad you liked it ;)

minanagehsalalma commented 4 years ago

@BiZken hi... what about adding this to it too?

Instead of the victim typing the code we ask them to copy it and then steal it from the clipboard using this

https://github.com/thelinuxchoice/clipboardme

What do you think?

BiZken commented 4 years ago

@minanagehsalalma I have been working on this tool and I am mostly done with everything but I'm not sure how I should do with the code. Getting the tool to send the 2fa code is easy but it expires after a few minutes and if you ain't sitting in front of your computer you won't be able to use the code. The Instagram recovery codes
That might work but I don't think everybody knows how that works, I might as well create the options that you can pick of course but for now I'm trying to come up with a way to login with the 2fa code even when you're not by your computer so you can access the account later. I will finish it and then I will upload like a "beta" of it. But it's coming for sure /BiZken

minanagehsalalma commented 4 years ago

> it expires after a few minutes

@BiZken really? I thought it only expires after you request another ... never seen them say anything about that in the recovery mail

> 2fa code even when you're not by your computer so you can access the account later.

Auto use them and then save the cookies using a server or something like cron.

> I will upload like a "beta" of it. But it's coming for sure /BiZken

That's great

minanagehsalalma commented 4 years ago

> Auto use them and then save the cookies using a server or something like cron.

You can even automate the deletion of recovery methods like phone number and email ... so the victim fails at getting the account back using regular methods.

UBISOFT-1 commented 3 years ago

@BiZken I can help you write a Selenium script that automatically checks and uses the recovery code and logs you into the account.

UBISOFT-1 commented 3 years ago

And then we can save the cookies on Google Drive for further pipelined workflows in this tool. Contact me at OTTOMAN#5912 on Discord, we can discuss more about it there. :)