Phishing Frenzy: SSL Support on Rails 4 with Syntax Highlighting - Pentest Geek

Phishing Frenzy: SSL Support on Rails 4 with Syntax Highlighting

Phishing Frenzy: SSL Support on Rails 4

It’s been a little over a year since I started phishing full time with Phishing Frenzy and there is no looking back now. The project has really come a long way since I first started with it. I can’t thank the community enough for all the support and contributions along the way. Phishing today seems more enjoyable than ever before and I owe a lot of that gratification to Phishing Frenzy.

If you haven’t had a chance to checkout the project, I highly recommend you do and get involved. We are always seeking new templates to be added to our official gallery for the entire community to use, tweak and share.

I envision someday we will have a catalog containing hundreds of templates for the entire community. Wouldn’t it be nice to have a new shiny template already built for you on your next phishing gig? It’s up to the community to make that vision a reality by contributing.

There has been a lot of new changes with the most recent version of Phishing Frenzy. I’m going to cover some of those changes in this article.

Rails 4 Upgrade

Previously Phishing Frenzy was running on Rails 3.2. We recently have upgraded the application to the latest version Rails 4.1.7. This was a slow painful process to upgrade the application and all the gems, but it ultimately patches some security vulnerabilities and offers a lot of flexibility for the app moving forward.

SSL Support for Phishing Sites

When performing a phishing gig we often use credential harvesting to obtain valid passwords. In the past Phishing Frenzy had no support to run your phishing site on HTTPS. We are pleased to announce that we have added SSL support for running phishing websites over HTTPS. This is all done completely through the web UI by simply uploading your 3 certificate files required by Apache.

  • SSLCertificateFile
  • SSLCertificateKeyFile
  • SSLCertificateChainFile

Once the SSL files have been uploaded to the campaign Phishing Frenzy will automatically deploy the website over HTTPS once the campaign is activated.

Code Syntax Highlighting

We often need to tweak and edit our templates from campaign to campaign. Previously Phishing Frenzy had a simple text form that was available to edit and update the raw text. It was difficult to detect mistakes and didn’t offer any code syntax highlights. We recently changed all this and added in the CodeMirror JavaScript library to help bring in a little more bling bling when editing your templates.

Conclusion

We have been hard at work making this project a stable platform for the entire  community to phish from. We hope you see the value in the project and get involved to make it something even better. The project has been gaining a lot of traction over the last couple of months and I’m excited to see where we end up 1 year from now.

As always, submit your tickets to the github issues page located here, and enjoy phishing all the things!

 

Share this article

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmail
1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share This

Recent Posts

Subscribe To Our Mailing List

The Ultimate Burp Suite Training Program

Learn Network Penetration Testing

Penetration Testing

Categories

Metasploit

Web Application Hacking


Brandon McCann

Copyright 2024

css.php

The Ultimate Phishing Framework

Enter your email address below to discover the secrets of a successful Email Phishing campaign. 

This completely free e-book will teach you the theory on how to phish like one of the pros. 

Written by the creator of the most powerful email phishing framework on the market today!

Download your free e-book and start phishing right now!

 

You have Successfully Subscribed!