Advanced phishing tool used for session & credential grabbing and bypassing 2FA using man-in-the-middle attack with standalone reverse proxy server.
This tool is used for advanced phishing attacks using reverse proxy. It can also bypass 2FA or 2-factor authorization. Captured tokens will be written in the file token.txt on successful phish. Attacker can use this tool to phish victim with any website by creating a suitable configuration and using a signed SSL\TLS certificate(victim will see https connection). Author has already tested it with gmail, outlook & icloud, however no orginal config has been uploaded here for security purposes. This tool is only to be used as a POC to understand advanced phishing and for Red Teaming purposes.
- This tool lets you modify anything in the website to be used for phishing.
- Other tools have restriction like you can not replace response headers or request body, or you need to use third party tools along with them.
- You can also block certain paths. Tool returns
[200 ok]response to those paths without any body, to avoid any suspicion. - Supports regex.
- Supports TCP connection over
SSL/TLS. Use your own signed certificates. - Supports http1, http1.1 & http2 connections.
- Comparably smaller config files because of path based modification and fast to make.
- You do not have to enter whole URL path in the
config.pyfiles. You can just enter part of URL path and tool will automatically match it.
cipherginx.py [-h] [-v] [-l {info,debug,error}] [config]
positional arguments:
config select config to run
optional arguments:
-h, --help show this help message and exit
-v, --version show tool version
-l {info,debug,error}, --level {info,debug,error}
logging level
Example:
cipherginx.py myconfig -l debug
or
cipherginx.py -l debug myconfig
In order to use this tool python3 is required.
To install python in windows get it from here.
- For help type
python cipherginx -h. - If you are using port 443(for ssl/tls), run tool with
sudo. - Use your own cert for ssl/tls & put it in
certfolder with nameserver.pem. - Given cert can be used but it is unsigned.
- Put your
config.pyfiles in config folder.
Config files are structured as sub lists inside a list with two/three items, where first item is the path on which that particular task is to be executed.
Each sublist acts as task. For each replacement you have to add one sublist.
path can be just some part of the URL where the task is to be executed.
Use '' (blank single quotes) if you want to apply that replacement on all the URLs.
Basic configuration:
| variable | use |
|---|---|
hostname |
{target website} |
isSSL |
{http or https} |
server |
{your domain} |
port |
{port to run on} |
Phishing configuration:
| list | use |
|---|---|
inject_domain |
[domain to be replaced, domain to be replaced with] |
req_headers |
[path, headers in dict format] |
resp_headers |
[path, headers in dict format] |
req_body |
[path, string to be replaced, string to be replaced with] |
resp_body |
[path, string to be replaced, string to be replaced with] |
block_paths |
[paths] |
get_cookie |
[cookie names] |
This tool is merely a POC of what attackers can do. Author is not responsible for any use of this tool in any nefarious activity.
Configs given as an example here are anti script-kiddies.
cipherginx is made by @cipheras and is released under the terms of the
Feel free to submit a bug, add features or issue a pull request.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent