It’s been a little over a year since I started phishing full time with Phishing Frenzy and there is no looking back now. The project has really come a long way since I first started with it. I can’t thank the community enough for all the support and contributions along the way. Phishing today seems more enjoyable than ever before and I owe a lot of that gratification to Phishing Frenzy.
If you haven’t had a chance to checkout the project, I highly recommend you do and get involved. We are always seeking new templates to be added to our official gallery for the entire community to use, tweak and share.
I envision someday we will have a catalog containing hundreds of templates for the entire community. Wouldn’t it be nice to have a new shiny template already built for you on your next phishing gig? It’s up to the community to make that vision a reality by contributing.
There has been a lot of new changes with the most recent version of Phishing Frenzy. I’m going to cover some of those changes in this article.
Rails 4 Upgrade
Previously Phishing Frenzy was running on Rails 3.2. We recently have upgraded the application to the latest version Rails 4.1.7. This was a slow painful process to upgrade the application and all the gems, but it ultimately patches some security vulnerabilities and offers a lot of flexibility for the app moving forward.
SSL Support for Phishing Sites
When performing a phishing gig we often use credential harvesting to obtain valid passwords. In the past Phishing Frenzy had no support to run your phishing site on HTTPS. We are pleased to announce that we have added SSL support for running phishing websites over HTTPS. This is all done completely through the web UI by simply uploading your 3 certificate files required by Apache.
- SSLCertificateFile
- SSLCertificateKeyFile
- SSLCertificateChainFile
Once the SSL files have been uploaded to the campaign Phishing Frenzy will automatically deploy the website over HTTPS once the campaign is activated.
Code Syntax Highlighting
We often need to tweak and edit our templates from campaign to campaign. Previously Phishing Frenzy had a simple text form that was available to edit and update the raw text. It was difficult to detect mistakes and didn’t offer any code syntax highlights. We recently changed all this and added in the CodeMirror JavaScript library to help bring in a little more bling bling when editing your templates.
Conclusion
We have been hard at work making this project a stable platform for the entire community to phish from. We hope you see the value in the project and get involved to make it something even better. The project has been gaining a lot of traction over the last couple of months and I’m excited to see where we end up 1 year from now.
As always, submit your tickets to the github issues page located here, and enjoy phishing all the things!
The post Phishing Frenzy: SSL Support on Rails 4 with Syntax Highlighting appeared first on Pentest Geek - Penetration Testing - Infosec Professionals.