I experimented with building a phishing page complete with seamless redirects, a database, a TLS certificate, and a "malware" link.
You can view the website here: https://pixelatinate.github.io/twitter-phishing/ and the database here.
The page that actually steals your information is the login google popup.