Phishing Frenzy: SSL Support on Rails 4 with Syntax Highlighting
It’s been a little over a year since I started phishing full time with Phishing Frenzy and there is no looking back now. The project has really come a long way since I first started with it. I can’t thank the community enough for all the support and contributions along the way. Phishing today seems more enjoyable than ever before and I owe a lot of that gratification to Phishing Frenzy.
If you haven’t had a chance to checkout the project, I highly recommend you do and get involved. We are always seeking new templates to be added to our official gallery for the entire community to use, tweak and share.
I envision someday we will have a catalog containing hundreds of templates for the entire community. Wouldn’t it be nice to have a new shiny template already built for you on your next phishing gig? It’s up to the community to make that vision a reality by contributing.
There has been a lot of new changes with the most recent version of Phishing Frenzy. I’m going to cover some of those changes in this article.
Rails 4 Upgrade
Previously Phishing Frenzy was running on Rails 3.2. We recently have upgraded the application to the latest version Rails 4.1.7. This was a slow painful process to upgrade the application and all the gems, but it ultimately patches some security vulnerabilities and offers a lot of flexibility for the app moving forward.
SSL Support for Phishing Sites
When performing a phishing gig we often use credential harvesting to obtain valid passwords. In the past Phishing Frenzy had no support to run your phishing site on HTTPS. We are pleased to announce that we have added SSL support for running phishing websites over HTTPS. This is all done completely through the web UI by simply uploading your 3 certificate files required by Apache.
Once the SSL files have been uploaded to the campaign Phishing Frenzy will automatically deploy the website over HTTPS once the campaign is activated.
Code Syntax Highlighting
We have been hard at work making this project a stable platform for the entire community to phish from. We hope you see the value in the project and get involved to make it something even better. The project has been gaining a lot of traction over the last couple of months and I’m excited to see where we end up 1 year from now.
As always, submit your tickets to the github issues page located here, and enjoy phishing all the things!
Share this article
Follow Pentest Geek
Subscribe to Pentest Geek
- How To Install Metasploit Framework Ubuntu 14.04
- How to Install Nmap From Source
- Another Lap Around Microsoft LAPS
- Credential Harvesting via MiTM – Burp Suite Tutorial
- SSL Certificate from letsencrypt.org – Setup Guide
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications