var unreadAlerts = '1';
You have one unread private message from dkota titled Welcome to the Forum!

PHISHING
#1
 
HI EVERY ONE

I am trying to learn these phishing methods and I have managed to create an IG page clone where the user enters and once they log in, the data is sent through a discord bot and the person is directed to a link that I want, What happens is that I bought my domain with the host, it has its ssl certificate and everything, but obviously chrome and the browsers warn that it is an identity theft site, I would like to know if obfuscating the code or encrypting the .php will be possible to do a FUD code? I'm new to these issues, can someone help me, I appreciate it. (THIS PAGE ITS NOT IN ONION WEB)
Report
#2
first of all, sending the credentials to yourself via discord is REALLY bad opsec. you should figure out a more secure way of transferring those credentials first, before you even think about running it for real. here are some ideas:
1) write the credentials to a small database on your web server and dump that db regularly
2) (if you need a low-tech solution) check the logs of your web server, any credentials should be listed in clear text in the POST requests that you are receiving. logs are also not good OPSEC but at least your web site is not directly connected to you like a discord account is (I hope)
3) use fetch or a similar API to forward the credentials to a 3rd party site like a pastebin and check that site regularly (this is the most anonymous, if you use TOR/i2p) but some ppl might also get a hold of the credentials. if you want to get around that, encrypt them first with PGP or sth similar)
4) if you want to use some kind of messaging bot, use jabber rather than discord. discord messages are sent in clear text with full oversight of the company and the accounts are linked to ur identity. discord does not work over tor afaik.

NOW, THE ACTUAL QUESTION:
chrome and firefox give warnings because they check if the ssl certificate that your site is sending is the same certificate that instagram.com has. thats the one purpose of ssl certificates. there isn't much you can do about that except hope that some ppl are retarded enough to ignore the warnings. that's the phishing business m8

you could, perhaphs, do sth about it if the ssl certificate of instagram ever got leaked or if you had control over the DNS server that your victims use, because you could theoretically redirect their SSL certificate resolution requests to your own phony certificate server but i'm a bit wonky about the cryptography behind it maybe that doesn't even work anymore.

point is, obfuscating code won't do anything, the problem is your ssl certificate.
Reply Quote // Report


Quick Reply
Message
Type your reply to this message here.



Possibly Related Threads…
Thread Author Replies Views Last Post
  Phishing courses Mor3AmaD3uz 3 28 Yesterday, 01:11 AM
Last Post: big_boobies
  Looking to get into phishing. b1gbo11 4 162 05-25-2023, 05:41 AM
Last Post: big_boobies
  Phishing Marlboro23 4 268 03-25-2023, 09:03 AM
Last Post: An0nKush



Users browsing this thread: purely_cabbage
var thread_deleted = "0"; if(thread_deleted == "1") { $("#quick_reply_form, .new_reply_button, .thread_tools, .inline_rating").hide(); $("#moderator_options_selector option.option_mirage").attr("disabled","disabled"); }