https://github.com/wunderwuzzi23/KoiPhish

A simple yet beautiful phishing proxy.
https://github.com/wunderwuzzi23/KoiPhish

pentesting redteam

Last synced: 21 days ago
JSON representation

A simple yet beautiful phishing proxy.

• Host: GitHub
• URL: https://github.com/wunderwuzzi23/KoiPhish
• Owner: wunderwuzzi23
• License: mit
• Created: 2018-12-09T20:59:51.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2021-08-13T16:07:09.000Z (over 3 years ago)
• Last Synced: 2024-08-05T17:25:32.842Z (4 months ago)
• Topics: pentesting, redteam
• Language: Go
• Homepage:
• Size: 27.3 KB
• Stars: 49
• Watchers: 2
• Forks: 8
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

• awesome-hacking-lists - wunderwuzzi23/KoiPhish - A simple yet beautiful phishing proxy. (Go)

README

        
# KoiPhish - The Phishing Proxy

KoiPhish is a simple yet beautiful phishing proxy idea. It relays requests a client makes to the KoiPish to the actual target and responses are sent back to the client. On the way in and out common links are overwritten in order to not break the user experience and functionality. The benefit of this approach compared to cloning a website is that it will have the same look and feel as the target, and automatically adjust to changes down the road. 

The code in this repo shows the basic framework and methodology, and it is intentionally not point and click.

```

  _  __     _ ____  _     _     _              /`·.¸

 | |/ /___ (_)  _ \| |__ (_)___| |__          /¸...¸`:·

 | ' // _ \| | |_) | '_ \| / __| '_ \    ¸.·´  ¸    `·.¸.·´)

 | . \ (_) | |  __/| | | | \__ \ | | |  : © ) ´;      ¸  {

 |_|\_\___/|_|_|   |_| |_|_|___/_| |_|   ·.      ¸.·´\  `·¸)

                                           ``\\´´\¸¸.·´

             .................................................. KoiPhish started.

```             

## Illustration

                                                             Keep Relaying                               

      End User     +-------------------->    KoiPhish    +-------------------->    Actual Login Page

                                                         <--------------------+    

                       Keep Relaying      

                   +-------------------->                +-------------------->     and MFA Provider

                   <--------------------+                <--------------------+           

             

This keeps going until the passwords and/or session tokens (after 2FA) are grabbed by KoiPhish.

## Why is this useful?

Most web sites these days support multi factor authentication. KoiPish can integreate in the multi step flow,  continuously relaying requests back and forth, and eventually gain access to a user's session token.

## Adjustments

For actual pentesting more adjustments need to be made, like configuring target, etc. The code is not "point and click".

## Mitigation

Leverage security keys and U2F to help mitigate phishing attacks. Learn more here:

* https://fidoalliance.org/fido2/

* https://en.wikipedia.org/wiki/WebAuthn

## Disclaimer

Pentesting requires authorization and consent by appropriate stakeholders. Do not do illegal things. You are responsible for your own actions.