Advanced Automated Standalone Phishing Tool

Cipheras
May 11, 2021

Advanced phishing tool 💥 used for session and credential grabbing and for bypassing 2FA using a man-in-the-middle attack ☠️ with a standalone reverse proxy server.

CipherGinx

github.com/cipheras/cipherginx


This tool is used for advanced phishing attacks using a reverse proxy. It can also bypass 2FA (two-factor authentication). Captured tokens are written to the file token.txt on a successful phish. An attacker can use this tool to phish a victim with any website by creating a suitable configuration and using a signed SSL/TLS certificate (the victim will see an https connection). The author has already tested it with Gmail, Outlook and iCloud; however, no original config has been uploaded here for security purposes. This tool is only to be used as a POC to understand advanced phishing and for red teaming purposes.

Advantages over other similar tools:

  • This tool lets you modify anything in the website to be used for phishing.
  • Other tools have restrictions: for example, you cannot replace response headers or the request body, or you need to use third-party tools along with them.
  • You can also block certain paths. The tool returns a [200 ok] response without any body for those paths, to avoid suspicion.
  • Supports regex.
  • Supports TCP connection over SSL/TLS. Use your own signed certificates.
  • Supports http1, http1.1 & http2 connections.
  • Comparatively smaller config files that are fast to write, because modification is path based.
  • You do not have to enter the whole URL path in the config.py files. You can enter just part of the URL path and the tool will automatically match it.

The benefit of these automated phishing tools is that you don't have to create templates for every website you want to phish the target with. Normally, people think that if they see the green tag and https in the URL, the website is safe to open, but they don't know that SSL/TLS certificates can be forged. You will still see https with the green tag, but the certificate will not be that of the original site; it will be that of the site you are actually opening. Attackers mostly buy domains similar to the website being impersonated, using various tricks. This is called a homograph attack, but that is a topic for another time. The point is, you won't even notice whether you are opening a real website or a fake one. There are various methods to trick the victim into it. At present this tool supports only one config at a time, but in the future it can be modified to be a framework rather than a tool.
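A defender-side check for the look-alike domains described above, as an added example that is not part of the original post or the CipherGinx project: it folds punycode and confusable characters to an ASCII skeleton and compares the result against an allow-list. The domain list, the confusables map and the two-label registrable-domain shortcut are constructed assumptions; production use would rely on the Public Suffix List and the full Unicode confusables data.

```python
import unicodedata

# Constructed allow-list (assumption): domains the organisation really uses.
PROTECTED = ["google.com", "outlook.com", "icloud.com"]
# Small constructed confusables map, not the full Unicode TR39 table.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c", "\u0456": "i",
                             "0": "o", "1": "l"})

def to_unicode(host):
    """Decode punycode (xn--) labels so look-alike characters become visible."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as-is
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Fold a hostname to an ASCII skeleton for comparison."""
    text = unicodedata.normalize("NFKD", to_unicode(host))
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(host):
    """Return (verdict, protected_domain_or_None) for a hostname from a link or log."""
    plain = host.lower().rstrip(".")
    for legit in PROTECTED:
        if plain == legit or plain.endswith("." + legit):
            return ("legitimate", legit)
    skel = skeleton(plain)
    reg = ".".join(skel.split(".")[-2:])  # assumption: two-label registrable domain
    for legit in PROTECTED:
        if reg == legit:
            return ("homograph", legit)
        if skel.startswith(legit + ".") or "." + legit + "." in skel:
            return ("embedded-brand", legit)
        if edit_distance(reg, legit) <= 2:
            return ("typosquat", legit)
    return ("unrelated", None)
```

Running `check_host` over hostnames extracted from mail links or proxy logs gives a verdict that does not depend on whether the connection showed https.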

For more information, issues, queries or contact, go to the GitHub repo and read README.md.

Thanks for reading!!
