Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Two-Factor Phishing #971

Closed
giomke opened this issue Feb 13, 2018 · 1 comment
Closed

Two-Factor Phishing #971

giomke opened this issue Feb 13, 2018 · 1 comment
Labels
duplicate enhancement

Comments

@giomke
Copy link

giomke commented Feb 13, 2018

I think it will be great to implement Two-Factor Phishing, similar like
https://github.com/fireeye/ReelPhish
https://github.com/kgretzky/evilginx
https://github.com/ustayready/CredSniper
tools
@jordan-wright
Copy link
Collaborator

Hi there!

Thanks for reaching out. This has been considered in the past and is being tracked best by #223, which will let users make extremely flexible campaigns.

In addition to this, I've done a PoC of what I would call the generic "proxy" feature in the past which would mitm any credentials sent - similar to ReelPhish. However, it's much trickier than it sounds. There are cases where things just break because the references to static assets aren't correct anymore, or credentials are submitted via Javascript, not via a form, etc. etc. Basically, there are so many edge cases, that it's difficult to get correct.

For now, since we do have #223 open, I'm going to close this out in favor of that issue where we'll track the development of that new campaign editor 😄

Thanks again for sending this over!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jordan-wright @giomke