After a quick glance I'm pretty sure it's all JS/jQuery/AJAX and no PHP. AJAX handles the form inputs, but im not sure where it stores the info.
Ok guys so yesterday some guy tried to scam me through steam. It's normal for steam but this scam was a little bit different. He send me a link to phishing site that looked like steam login page (standard for a trader) I wrote fake credentials just to maybe piss of a scammer but this time his site said that password or username is incorrect. I delved into scammer site more and I found that this site will ask you for mobile authenticator if you have one Not only that because it will also say you that whatever you type in mobile auth popup it will say it's wrong. Yeah I sound like a moron but I'm interested in PHP as a hobby and this scam showed me how little I know about PHP. Source code of scammer site is in attachment:
This code is pretty long for simple scam which is odd (nearly 9000 lines of code) Can anyone explain me how this works? How does he made his site check if login credentials were correct? At least can someone point where script saving userass is?
After a quick glance I'm pretty sure it's all JS/jQuery/AJAX and no PHP. AJAX handles the form inputs, but im not sure where it stores the info.
Probably it will not even make sure, that the Login Info is correct.
They just assume, the Target will insert correct data, so you get Logindata + 1x 2 Factor Auth Code.
What u can do now with this, i'm not sure, but i'm pretty sure, it works like this and just gather everything before it submits all the data
Hey no offense but there isnt any line of php code and its also pretty advandced code(well with some weird codeparts and bad structure)! i suggest u to learn some javascript basics to get a small understanding of the code. its rlly to much to simply break it down here for a beginner and as u said u have some php knowledge but this programm ist javascript based