Thotcon 0x5 Phishing Frenzy
As most of you already know, Thotcon, one of the paramount security conferences, took place a couple of weeks ago in Chicago. I got the incredible opportunity to present on the main stage about Phishing Frenzy and show off some of the new features now available.
During the presentation at Thotcon, Adam Ringwood and I gave a live demo of the new features and executed a simulated email phishing attack. For those of you who missed it, I've summarized most of the details in this blog post.
Some of the new features now included within PF are an entirely new reporting dashboard, the ability to preview phishing emails, and sending emails using Rails' Action Mailer.
Base64 URLs No More
Previously, in order to track unique visitors to your phishing website, PF would base64 encode the user's email address and append it to the phishing URL, passing that ID as a parameter. PF now uses a similar UID system, where every target imported into a phishing campaign has a random UID tagged to that email address. This UID value is then used when sending the emails to generate a unique phishing URL for each target that can be tied back to a specific email address.
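The difference between the two schemes is visible to anyone who sees the URL, for example in proxy or mail gateway logs: a base64 value decodes straight back to the recipient's address, while a random UID carries no information. The following Ruby sketch is an added example, not code from Phishing Frenzy; the host name, parameter names and sample URLs are constructed for illustration. It scans URLs for query values that decode to an email address.

```ruby
require "base64"
require "uri"
require "securerandom"

EMAIL_RE = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/

# Return the e-mail address a query value decodes to, or nil if it is opaque.
def decoded_email(value)
  return nil unless value.match?(/\A[A-Za-z0-9+\/_-]{8,}={0,2}\z/)
  padded = value.tr("-_", "+/")                    # accept URL-safe alphabet too
  padded += "=" * ((4 - padded.length % 4) % 4)    # restore stripped padding
  text = Base64.strict_decode64(padded).force_encoding("UTF-8")
  text.valid_encoding? && text.match?(EMAIL_RE) ? text : nil
rescue ArgumentError
  nil                                              # not valid base64 at all
end

# Scan one URL and return [param, email] pairs for values that leak an address.
def leaked_addresses(url)
  query = URI.parse(url).query
  return [] if query.nil?
  URI.decode_www_form(query).filter_map do |key, value|
    email = decoded_email(value)
    [key, email] if email
  end
end

# Constructed sample URLs (hypothetical host and parameter names).
SAMPLE_URLS = [
  "http://portal.example.test/login?id=#{Base64.strict_encode64('alice@example.test')}",
  "http://portal.example.test/login?uid=#{SecureRandom.hex(8)}",
  "http://portal.example.test/login?page=2"
].freeze

# Return one hash per leaking parameter across all URLs.
def scan(urls)
  urls.flat_map do |u|
    leaked_addresses(u).map { |k, e| { url: u, param: k, email: e } }
  end
end

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE_URLS).each do |hit|
    puts "#{hit[:param]} decodes to #{hit[:email]}: #{hit[:url]}"
  end
end
```

Only the first sample URL is reported; the random UID and the ordinary parameter decode to nothing meaningful, which is why the UID scheme does not expose the target list through the URL itself.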
New Reporting and Analytics
The new reporting dashboard was completely rewritten and optimized by Adam. Previously, PF would simply parse raw Apache logs to determine email phishing statistics. PF no longer relies on the Apache logs for stats. Rather, PF now creates an event that is triggered each time a victim lands on an email phishing page. This event logs the UID and other parameters and stores them in the database.
Here is an overview of what an email phishing campaign may look like with results.
Here is an example of the details once you drill down to a specific target.
Action Mailer
PF now sends email using the conventional Rails method by leveraging Action Mailer. By converting over to Rails mailers, PF gains a lot of benefits when sending emails. Some of these benefits include the ability to create and manage email phishing templates more effortlessly.
PF templates are now a breeze and simply require some crafty HTML without having to worry about SMTP header nonsense. The Rails mailer now handles all of that. We can now simply focus on creating HTML emails that look more enticing than ever. Attaching images inline within the body of an email is also simply done by leveraging Rails helpers.
Since PF is using rails mailers we are able to create dynamic emails. What does that actually mean? That means we have the power of ruby within our emails! Say what? We can now code ruby snippets wherever we want within the email.
For example, you could use <%= @target.firstname %> to display the target's first name if you imported a CSV list containing firstname content.
For additional information on leveraging ERB please see the following documentation: http://api.rubyonrails.org/classes/ActionView/Base.html
Dynamic Emails
Look at the emails below and notice how each email is unique. Both emails greet the user by their first name, so each one looks more genuine, as if it was actually meant for them.
It's all these little things that really add up to establish credibility and execute a sound, successful email phishing campaign.
Preview Emails
PF now has the ability to preview your phishing emails within the browser. You no longer have to send dozens of emails to yourself to get the email looking just the way you'd like. PF takes advantage of the letter_opener gem to accomplish previews of emails.
Sharing Templates
PF still has the ability to share email phishing templates. I have not received a single pull request from the community on the phishing-frenzy-template repository. But in all honesty that doesn't really surprise me. Creating an email phishing template in the old unorthodox system was a pain and difficult to get working. Now a new phishing template can be set up using simple HTML.
Below is an example email that utilizes the image_tag Rails helper to embed the JPG image within the email, and the @url instance variable is used within an embedded Ruby block to create the dynamic phishing URL. This is all that is required to start sending emails with PF.
DataTables
PF now comes equipped with datatables wherever possible. The campaigns, templates, and reporting sections all now contain datatables. This gives the user the ability to sort by any column or quickly search for any string of text.
Outro
If you haven't had a chance to play with PF, I strongly encourage you to check it out. The software has really started to blossom and take shape. For additional details, take a look at the updated wiki to get started. Any issues you encounter with PF should be posted on the GitHub repository.
Enjoy Phishing all the things with Phishing Frenzy.