Thotcon 0x5 Phishing Frenzy - Pentest Geek

Thotcon 0x5 Phishing Frenzy

Author: Brandon McCann Posted In Presentations On: 2014/05/15 No comments
Thotcon 0x5 Phishing Frenzy

As most of you already know, Thotcon one of the paramount security conferences took place a couple weeks ago in Chicago. I got the incredible opportunity to present on the main stage about Phishing Frenzy and show off some of the new features now available.

During the presentation at Thotcon Adam Ringwood and I gave a live demo of the new features and executed a simulated email phishing attack. Those of you who missed it I’ve summarized most of the details in this blog post.zeknox

Some of the new features now included within PF are an entirely new reporting dashboard, the ability to preview phishing emails, and sending emails using rails’ Action Mailers.

Base64 URLs No More

Previously, in order to track unique visitors to your phishing website PF would base64 encode the users email address and append it to the phishing url and passing that id as a parameter. PF now uses a similar system UID system where every target imported into a phishing campaign will have a random UID tagged to that email address. This UID value is then used when sending the emails to generate a unique phishing url for each target that can be tied back to a specific email address.

New Reporting and Analytics

The new reporting dashboard was completely rewritten and optimized by Adam. Previously PF would simply parse raw apache logs to determine email phishing statistics. PF no longer relies on the apache logs for stats. Rather, PF now creates an event that is triggered each time a victim lands on an email phishing page. This event logs the UID and other parameters and stores it in the database.

Here is an overview of what an email phishing campaign may look like with results.

Reporting Dashboard

Here is an example of the details once you drill down to a specific target

Reporting Details

Action Mailer

PF now sends email using Rails conventional method by leveraging Action Mailers. By converting over to rails mailers PF gains a lot of benefits when sending emails. Some of these benefits include the ability to create and manage email phishing templates more effortlessly.

PF templates are now a breeze and simply require some crafty HTML without having to worry about SMTP header nonsense. The rails mailer now handles all of that. We can now simply focus on creating HTML emails that look more enticing then ever. Also attaching images inline within the body of an email is simply done by leveraging rails helpers.

Since PF is using rails mailers we are able to create dynamic emails. What does that actually mean? That means we have the power of ruby within our emails! Say what? We can now code ruby snippets wherever we want within the email.

For example, you could use <%= @target.firstname %> to display the targets firstname if you imported a CSV list containing firstname content.

Target List

For additional information on leveraging ERB please see the following documentation:

Dynamic Emails

Since PF is now using rails mailers we are able to create dynamic emails. What does that actually mean? That means we have the power of ruby within our emails! Say what? We can now code ruby snippets wherever we want within the email.

Look at the emails below and notice how each email is unique. The emails are both greeting the user by their firstname so the email looks more genuine like the email was actually meant for them.

It’s all these little things that really add up to establish credibility and execute a sound successful email phishing campaign.

Dynamic Emails

Preview Emails

PF now has the ability to preview your phishing emails within the browser. You no longer have to send dozens of email to yourself to get the email looking just the way you’d like. PF takes advantage of the letter_opener gem to accomplish previews of emails.

Email Preview

Sharing Templates

PF still has the ability to share email phishing templates. I have not received a single pull request from the community on the phishing-frenzy-template repository. But in all honesty that doesn’t really surprise me. Creating an email phishing template in the old unorthodox system was a pain and difficult to get working. Now a new phishing template can be setup using simple HTML.

Below is an example email that utilizes the image_tag rails helper to embed the JPG image within the email, and @url instance variable is used within an embedded ruby block to create the dynamic phishing url. This is all that is required to start sending emails with PF.

Sample Email


PF now comes equipped with datatables wherever possible. The campaigns, templates, and reporting sections all now contain datatables. This gives the user the ability to sort by any column or quickly search for any string of text.

Templates Datatable


If you haven’t had a chance to play with PF I strongly encourage you to check it out. The software has really started to blossom and take shape. For additional details take a look at the updated wiki to get started. Any issues you encounter with PF should be posted on the github repository.

Enjoy Phishing all the things with Phishing Frenzy.

Share this article


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share This

Recent Posts

Subscribe To Our Mailing List

The Ultimate Burp Suite Training Program

Learn Network Penetration Testing

Penetration Testing



Web Application Hacking

Brandon McCann

Copyright 2024


The Ultimate Phishing Framework

Enter your email address below to discover the secrets of a successful Email Phishing campaign. 

This completely free e-book will teach you the theory on how to phish like one of the pros. 

Written by the creator of the most powerful email phishing framework on the market today!

Download your free e-book and start phishing right now!


You have Successfully Subscribed!