Wednesday, December 7, 2016

Future Plans

The project has been finished for the time being. We have successfully accomplished our goal of generating and sending spoofed emails that would include phishing links that could be tracked by our web server. However, there are a few future improvements I would like to make.

For the first improvement I would like to perform some small changes to the delimiter replacements, allowing default values to be placed within the configuration. This would allow for any absent templates from the CSV to be replaced and not look so obvious if there was an error by whoever was running the program.

The second improvement I would like to make is simply adding the ability to add images to the emails. This would probably require a redesign of the way that email templates are currently working, as well as a new way to store the photos.

For the third, and much more difficult, improvement I would like to be able to upgrade our webpages that appear upon the web server. To do this I would like to be able to scan a legitimate email for all links that are available, and then be able to generate similar looking web pages for all of the links. This way we could feature a more realistic looking phishing site and feature multiple links within an email, compared to a single link as it currently stands.

Thursday, December 1, 2016

Mission Accomplished

We have finished creating the necessary parts of our program over the past couple of weeks. With the email sender, phishery, being mostly completed a couple weeks ago we were able to focus our efforts upon getting the twisted web server, net-o-phish, up and running.

I worked on the email sender a bit more this past week, giving the user greater control over the program through either the use of the configuration file or by passing in variables instead. This way the user can quickly change a single aspect of the program, such as a sender email address or email template, without having to edit the configuration file temporarily. Of course the option to modify the config file is still available.

We were able to get a domain name set up and linked to the IPv4 address of our Linux box that would host our programs. We used noip.com, which allowed us to quickly acquire and use a legit sounding domain name for free. As this was happening we deployed net-o-phish to our box and after a few hangups due to blocked ports we were able to access the box. Updating the configuration file of phishery, we were able to send out several emails that featured links referring to net-o-phish. We were also able to confirm that interactions with these links were being collected and stored in our MySQL database on the Linux box.

Thursday, November 17, 2016

Successful email

We managed to successfully send several finished emails this week. We were able to replace everything within the email with the desired information found in the CSV, configuration file, and generated links. We are making progress on the Python web server and it should hopefully be up within the next couple of weeks.

Thursday, November 10, 2016

This week we were able to get MySQL uploaded to our server and have worked on our web server to try and implement it. Stuff is starting to come together with our project; I look forward to seeing it come to fruition in the next couple of weeks.

In other news, quite a bit of time this week was spent on the ethical paper. However, with that project over I can now redirect my focus upon my project.

Thursday, November 3, 2016

Server Issues

Our server went down earlier this week. After working through a few issues we were able to reset it so that we can now access the resources again. We have continued to learn and produce the Twisted web server, and have decided to attempt to hook it up to a MySQL database. I also went through and updated some of our email sender code, enhancing the readability and flow of the project.

Friday, October 28, 2016

Server Setup

We have been able to set up the Linux server on which we will eventually run our Twisted server for data recording. I fixed a couple of bugs within our email generator and spoofer. We have created and started working on the Twisted web server that is the next part of our project.

Thursday, October 20, 2016

With fall break occurring this past weekend we have gotten less done than was desired. However, we continued to work with our email generator and sender in order to fix a few bugs. For example, our program was configured incorrectly and would not let the user pass an email into the program, and it would only use the one found referenced within the configuration file. In addition we got some time to look over and research Twisted a little bit more. We should hopefully get a prototype of the Twisted server set up within the next week/week and a half in order to record data from the targets interacting with the emails.

Thursday, October 13, 2016

Phishery

My partner and I were able to get our code together this week and we have managed to get a majority of it working. We have a controlling class set up that will accept inputs from the user if they exist or otherwise grab information from the YAML config file. The controller will then grab the list of users from the CSV and generate the unique email before sending each one to its recipients. The emails are not all going through to their destination; some are halting at spam filters, so this week will hopefully be spent QAing and fixing these emails so they can properly arrive at their destination. We have also decided, for the moment, that we will name our project Phishery. At least until we come up with a better name.

Thursday, October 6, 2016

Spoofing Emails

Since I have gotten my configuration file set up and have successfully run my href replacer, it is now time to attempt to hook these up with the SimpleEmailSpoofer. I started by importing my own fields from my configuration file or by passing them directly to the spoofer class. I then proceeded to weed out the unnecessary fields that the original class offered. Next I reworked how the actual message was created due to both the difference in storing/generating information and the removal of some fields. Finally I was able to wrap it all up nicely within one method that would be able to be called from a controller, requiring only a passed email and receiving email address to send a spoofed email. After fixing a few bugs I was able to successfully send a spoofed email such as the following.


I tested out a few emails and saw that while a few of the emails went to the inbox of the receiver (which was me), a few ended up getting flagged by Gmail's automatic spam filter and ended up in my spam folder instead. This will require further testing to make sure this would not happen during an actual experiment.

Within this next week I hope to get together with my partner so that we can make a joint controller class and successfully hook up all of our code we have been working on for the past month. This will allow us to read "target" data from a CSV file similar to the one we are going to use later in the experiment, generate the unique emails for each "target", and then send the email from a spoofed address.

Thursday, September 29, 2016

Learning Pyyaml

This week I set about learning how to set up a configuration file within a Python project. I decided to go about using a YAML file for this purpose. YAML files provide a very clean way of setting up a configuration file, by allowing you to create groups of fields. These easily manageable groups create a simple method for separating a single configuration file across multiple classes within the same project. There are a few different libraries that allow Python to interact with YAML files, but a majority of people seem to recommend PyYAML. I decided to create a simple YAML file, storing the values that I use to pass into the program as system arguments within the YAML instead. Using a few tutorials online I was easily able to retrieve the values and use them in my href replacer, just as I had with the system arguments. I now plan to work on hooking up the SimpleEmailSpoofer that I mentioned last week to the href replacer in order to easily send emails after they have been created.

Thursday, September 22, 2016

Fun with Python Tools

So I started this week testing out a few different Python tools, to just check if spoofing would be possible or difficult. I found this blog: https://www.cybrary.it/0p3n/email-spoofing/. From there I was able to find a couple of different tools. The first one is able to check whether a domain is spoofable. The second one is a quick script to actually spoof an email. I needed to first set up a postfix server on my computer in order to use the SimpleEmailSpoofer. After a couple minutes of configuration I was able to successfully spoof an email. Here are the tools I tried out:

https://github.com/BishopFox/spoofcheck
https://github.com/lunarca/SimpleEmailSpoofer

After trying out this tool, I created a simple script that allowed me to replace hrefs within an email. I plan to expand this tool this weekend to swap out multiple areas of an email based on a configuration file, probably using a yaml as the configuration file. Using this tool I plan on generating a unique ID for each of these emails so we would be able to track user interaction with these emails, before sending these emails out whether through the SimpleEmailSpoofer or another method.
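For a domain owner, the question a spoofability checker asks comes down to what the domain publishes in its SPF and DMARC TXT records. The sketch below is an added example, not code from this blog, from spoofcheck or from SimpleEmailSpoofer; it grades record strings for constructed `.example` domains, does no DNS lookups, and its function names and finding texts are assumptions made for illustration.

```python
# Added example: grade a domain's published SPF and DMARC TXT records.
# All records and domain names below are constructed; nothing is resolved.

def parse_tags(record):
    """Split a DMARC record such as 'v=DMARC1; p=none' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def spf_all_qualifier(record):
    """Return the qualifier on the SPF 'all' mechanism, or None if absent."""
    if not record or not record.lower().startswith("v=spf1"):
        return None
    for term in record.lower().split()[1:]:
        if term in ("all", "+all"):
            return "+"          # a bare 'all' defaults to pass
        if term in ("-all", "~all", "?all"):
            return term[0]
    return None                 # note: redirect= is not followed here

def assess(spf, dmarc):
    """Return (protected, findings); protected means DMARC is enforced."""
    findings = []
    if spf is None:
        findings.append("no SPF record")
    elif spf_all_qualifier(spf) in (None, "+", "?"):
        findings.append("SPF 'all' is missing or permissive")
    tags = parse_tags(dmarc) if dmarc else {}
    protected = False
    if tags.get("v") != "dmarc1":
        findings.append("no DMARC record")
    elif tags.get("p") not in ("quarantine", "reject"):
        findings.append("DMARC p=none does not block failing mail")
    elif tags.get("pct", "100") != "100":
        findings.append("DMARC policy applies to only part of the mail")
    else:
        protected = True
    return protected, findings

SAMPLES = {  # constructed records
    "strict.example": ("v=spf1 include:_spf.example.net -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"),
    "monitor.example": ("v=spf1 mx ~all", "v=DMARC1; p=none"),
    "bare.example": (None, None),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, assess(spf, dmarc))
```

A domain that reports `protected` as false should move its DMARC policy to `quarantine` or `reject` once its legitimate senders pass SPF or DKIM alignment.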

Tuesday, September 13, 2016

A New Project

School has started once again, and with it comes time to start another project. I plan to work with Keathen on this project and we will be developing some tools for phishing emails. We do not yet have a title for this project. We plan to create software for one of the computer science professors that will be using this for an experiment later this year.
In the first part of the project we will be developing tools to actually allow us to phish more easily. We plan on developing a tool that will allow us to replace all hrefs within an email so we can quickly make a “legitimate” email into a “legitimate-looking” phishing email. In addition we plan on creating a Python web server, using the Twisted framework. This is an event-driven framework that allows us to perform calls on a variety of protocols, compared to just TCP. We hope to use this web server as a method for recording data and tracking user engagement with our emails. We plan on running this on a virtualized Ubuntu server running at the school. We plan to also write a program so that we can send out, and potentially spoof, emails. We hope to use this program with a CSV full of email addresses. In addition we plan on saving information to this CSV and updating fields as time goes on with the web server.

For the second half of our project we plan on developing a program that can easily take the data we have saved to CSV and received from the web server and put it into an easily readable form. This will allow any clients to easily access this data even if they don’t have an in-depth understanding of the software used to generate and send the phishing emails. This is primarily useful as we eventually plan to have this software used for an experiment.