Archive

Posts Tagged ‘cloning’

Easily clone sites and import as Phishing Frenzy templates (Phishing for passwords)

January 22, 2016 Leave a comment

Phishing Frenzy is an awesome tool to use during Social Engineering/Spear Phishing exercises.

One of the tasks that I spent a lot of time on when using Phishing Frenzy is the ‘cloning of a website’ to be used for phishing passwords.

Phishing Frenzy does have a ‘Website Cloner’ but its pretty basic and some work needs to be done on the generated HTML file before it can be used as a template. (e.g. modify the input name of the username and password fields, changing the form action URL, create the template.yml and attachments.yml and zip up the files).

I wrote a simple script to take the URL of the website you want to clone (along with other information like Phishing Frenzy server URL and the ‘fake domain name/public IP address of the server hosting the cloned website’) and generates a working template zip that you can import directly into Phishing Frenzy under Templates > Restore menu.

Hope this can be of help to anyone of you in future social engineering engagements.

Below is a screenshot of the script in action.

phishing frenzy template zip generator

When a user visits and keys in the credentials into the cloned website, the credentials will be recorded into the creds.log file and also sent to your phishing frenzy server .

You can find the python scripts at https://github.com/milo2012/phishing-frenzy-template-cloner
Thank you for reading.

Updates:  I have update the template to include browser plugin enumeration via Javascript. This should be useful for some. The information is sent back to your Phishing Frenzy server.

 

Advertisements