Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection Logo

Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection

0
Free
Visit Website

Often times a corporate internal network is heavily locked down. Workstations are restricted with limited internet access. These controls are often less strict on mobile devices (or sometimes not present), especially with BYOD being implemented more and more. While phishing, Apache access logs often show mobile devices accessing the malicious page, yet no sessions are established. I investigated a number of ways to solve the problem and ultimately landed on using Apache’s Rewrite module. The more I learned about mod_rewrite’s abilities, the more benefit I saw in using Apache redirectors for phishing. This post is the first in a series of posts about solving common problems that plague phishing including users visiting a malicious website on their mobile device, users visiting non-existent resources on our fake domains, serving OS-specific payloads, slowing incident responders’ investigations, expiring phishing links, and changing payloads on the fly. The post series is intended to introduce you to using Apache as a phishing redirector and using it to solve common phishing problems, and will hopefully pique your interest into learning more about what Apache can do for your phishing.

FEATURES

ALTERNATIVES

Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.

A tool for Local File Inclusion (LFI) exploitation and scanning

The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.

LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.

A Live CD and Live USB for penetration testing and security assessment

A technique for social engineering and untrusted command execution using ClickOnce technology

Modular framework for pentesting Modbus protocol with diagnostic and offensive features.

A reminder that technology alone is not enough to stay secure against social engineering tactics.

PINNED