Advanced phishing tool used for session & credential grabbing and bypassing 2FA using a man-in-the-middle attack with a standalone reverse proxy server.

This tool is used for advanced phishing attacks using a reverse proxy. It can also bypass 2FA (two-factor authentication). Captured tokens are written to the file `token.txt` on a successful phish. An attacker can use this tool to phish a victim with any website by creating a suitable configuration and using a signed SSL/TLS certificate (the victim will see an https connection). The author has already tested it with gmail, outlook & icloud; however, no original config has been uploaded here for security purposes. This tool is only to be used as a POC to understand advanced phishing and for Red Teaming purposes.
- This tool lets you modify anything in the website to be used for phishing.
- Other tools have restrictions: for example, you cannot replace response headers or the request body, or you need to use third-party tools along with them.
- You can also block certain paths. The tool returns a `[200 ok]` response to those paths without any body, to avoid any suspicion.
- Supports regex.
- Supports TCP connection over `SSL/TLS`. Use your own signed certificates.
- Supports http1, http1.1 & http2 connections.
- Comparably smaller config files because of path-based modification, and fast to make.
- You do not have to enter the whole URL path in the `config.py` files. You can just enter part of the URL path and the tool will automatically match it.
```
cipherginx.py [-h] [-v] [-l {info,debug,error}] [config]

positional arguments:
  config                select config to run

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show tool version
  -l {info,debug,error}, --level {info,debug,error}
                        logging level
```

Example:

```
cipherginx.py myconfig -l debug
```

or

```
cipherginx.py -l debug myconfig
```
In order to use this tool, `python3` is required.
To install Python on Windows, get it from here.
- For help type `python cipherginx -h`.
- If you are using port 443 (for ssl/tls), run the tool with `sudo`.
- Use your own cert for ssl/tls & put it in the `cert` folder with the name `server.pem`.
- The given cert can be used but it is unsigned.
- Put your `config.py` files in the `config` folder.
Config files are structured as sublists inside a list, each with two or three items, where the first item is the `path` on which that particular task is to be executed.
Each sublist acts as a task. For each replacement you have to add one sublist.
`path` can be just some part of the URL where the task is to be executed.
Use `''` (blank single quotes) if you want to apply that replacement on all the URLs.
Basic configuration:

variable | use |
---|---|
`hostname` | {target website} |
`isSSL` | {http or https} |
`server` | {your domain} |
`port` | {port to run on} |
Phishing configuration:

list | use |
---|---|
`inject_domain` | [domain to be replaced, domain to be replaced with] |
`req_headers` | [path, headers in dict format] |
`resp_headers` | [path, headers in dict format] |
`req_body` | [path, string to be replaced, string to be replaced with] |
`resp_body` | [path, string to be replaced, string to be replaced with] |
`block_paths` | [paths] |
`get_cookie` | [cookie names] |
This tool is merely a POC of what attackers can do. Author is not responsible for any use of this tool in any nefarious activity.
Configs given as an example here are anti script-kiddies.
cipherginx is made by @cipheras and is released under the terms of the
Feel free to submit a bug, add features or issue a pull request.