Wednesday, December 7, 2016

Future Plans

The project has been finished for the time being. We have successfully accomplished our goal of generating and sending spoofed email that would include phishing links that could be tracked by our web server. However, there are a few future improvements I would like to make.

For the first improvement, I would like to make some small changes to the delimiter replacements, allowing default values to be placed within the configuration. This would allow for any absent templates from the CSV to be replaced and not look so obvious if there was an error by whoever was running the program.

The second improvement I would like to make is simply adding the ability to add images to the emails. This would probably require a redesign of the way that email templates are currently working, as well as a new way to store the photos.

For the third, and much more difficult, improvement, I would like to be able to upgrade our webpages that appear upon the web server. To do this, I would like to be able to scan a legitimate email for all links that are available, and then be able to generate similar-looking web pages for all of the links. This way we could feature a more realistic-looking phishing site and feature multiple links within an email, compared to a single link as it currently stands.

Thursday, December 1, 2016

Mission Accomplished

We have finished creating the necessary parts of our program over the past couple of weeks. With the email sender, phishery, being mostly completed a couple of weeks ago, we were able to focus our efforts upon getting the Twisted web server, net-o-phish, up and running.

I worked on the email sender a bit more this past week, giving the user greater control over the program through either the use of the configuration file or by passing in variables instead. This way the user can quickly change a single aspect of the program, such as a sender email address or email template, without having to edit the configuration file temporarily. Of course, the option to modify the config file is still available.

We were able to get a domain name set up and linked to the IPv4 of our Linux box that would host our programs. We used noip.com, which allowed us to quickly acquire and use a legit-sounding domain name for free. As this was happening, we deployed net-o-phish to our box, and after a few hangups due to blocked ports we were able to access the box. Updating the configuration file of phishery, we were able to send out several emails that featured links referring to net-o-phish. We were also able to confirm that interactions with these links were being collected and stored in our MySQL database on the Linux box.