{"id":17225552,"url":"https://github.com/v-byte-cpu/juicyrout","last_synced_at":"2025-04-14T00:53:49.989Z","repository":{"id":47198030,"uuid":"390492226","full_name":"v-byte-cpu/juicyrout","owner":"v-byte-cpu","description":":tropical_drink: Phishing Reverse Proxy with MFA bypass","archived":false,"fork":false,"pushed_at":"2023-01-28T19:31:29.000Z","size":154,"stargazers_count":17,"open_issues_count":4,"forks_count":8,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-03-27T14:55:25.972Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/v-byte-cpu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-28T20:16:01.000Z","updated_at":"2025-03-07T23:50:53.000Z","dependencies_parsed_at":"2023-02-15T18:25:54.649Z","dependency_job_id":null,"html_url":"https://github.com/v-byte-cpu/juicyrout","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fjuicyrout","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fjuicyrout/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fjuicyrout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fjuicyrout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/v-byte-cpu","download_url":"https://codeload.github.com/v-byte-cpu/juicyrout/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248804784,"owners_count":21164131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T04:13:52.974Z","updated_at":"2025-04-14T00:53:49.965Z","avatar_url":"https://github.com/v-byte-cpu.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# juicyrout\n\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/v-byte-cpu/juicyrout/blob/main/LICENSE)\n[![Build Status](https://img.shields.io/github/actions/workflow/status/v-byte-cpu/juicyrout/build.yml)](https://github.com/v-byte-cpu/juicyrout/actions/workflows/build.yml)\n[![GoReportCard Status](https://goreportcard.com/badge/github.com/v-byte-cpu/juicyrout)](https://goreportcard.com/report/github.com/v-byte-cpu/juicyrout)\n\n**juicyrout** is a man-in-the-middle attack reverse proxy designed for penetration testers to phish login credentials along with session cookies.\n\nIt was developed after experiencing the limitations of evilginx2. The main focus is on the following things:\n\n* **lightweight**, it should be easy to set up without complicated phishlet configs\n* **speed**, it must perform streaming processing of the response body instead of reading the whole response body into process memory (what happens in evilginx)\n* **flexibility**, it should work with almost all sites out of the box with minimal configuration (e.g. just a list of session cookie names)\n\nWe use the following technical features to achieve this goal:\n* only one wildcard tls certificate (no longer need to set up NS records to forward DNS servers to the proxy)\n* js fetch/xhr hook (replace all dynamic URLs with the appropriate ones that point to the proxy)\n* session handling on the server (authentication with specific lure URLs like in evilginx)\n* cookie jar per session to persist all response cookies on the proxy and imitate legitimate browser session\n\n## Quick Example\n\nLet's imagine that you acquired a new DNS name, for example, `host.juicyrout` and you want to run a phishing instagram site \non the domain `www.host.juicyrout` on port 8091. There are only three things you need to do:\n  * generate a valid wildcard TLS certificate `*.host.juicyrout` e.g. with [let's encrypt](https://letsencrypt.org/docs/faq/#does-let-s-encrypt-issue-wildcard-certificates) \n  * add wildcard DNS A record for the domain `*.host.juicyrout`\n  * run `juicyrout` with the desired config file\n\nCreate a file `config.yaml`:\n\n```yaml\napi_token: your_random_token_here\nlisten_addr: 0.0.0.0:8091\ndomain_name: host.juicyrout\nexternal_port: 8091\ntls_key: wildcard_host_juicyrout_key.pem\ntls_cert: wildcard_host_juicyrout_cert.pem\nphishlet_file: phishlets/instagram/config.yaml\ndomain_mappings:\n  - proxy: www.host.juicyrout:8091\n    target: www.instagram.com\n```\n\n* `api_token` is used for authentication in the admin REST API (see [api.go](https://github.com/v-byte-cpu/juicyrout/blob/main/api.go)). \n* `external_port` is used for incoming network traffic (in case you use Docker or run a reverse proxy in front of the juicyrout server, etc.)\n* `phishlet_file` is a config file with phishlet (see [instagram phishlet](https://github.com/v-byte-cpu/juicyrout/blob/main/phishlets/instagram/config.yaml) for reference)\n* `domain_mappings` describes a list of mappings between domain names with optional ports. For instance, \n`www.host.juicyrout:8091` with the specified configuration file will be mapped to `www.instagram.com` in http request \nand back in the response,\nbut `super.subdomain.instagram.com` (target address) will be mapped to `super-subdomain-instagram-com.host.juicyrout:8091` (proxy address)\nby default.\n\nFor a complete list of configuration options, see [config.go](https://github.com/v-byte-cpu/juicyrout/blob/main/config.go).\n\nFinally, run a phishing server:\n\n```\njuicyrout -c config.yaml\n```\n\nAll captured credentials will by default be stored in the `creds.jsonl` file, and captured sessions will be stored in the \n`sessions.jsonl` file.\n\nEnjoy!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fv-byte-cpu%2Fjuicyrout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fv-byte-cpu%2Fjuicyrout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fv-byte-cpu%2Fjuicyrout/lists"}