A basic HTTP server for harversting proxy credentials through Basic Auth phishing, intended for penetration testing usage. It is meant to be used when users are behind an authenticated proxy, to enable the collection of their credentials to be used later, as in a Meterpreter payload, for example.
To install fa-proxy system-wide, you can use setup.py:
$ sudo python3 setup.py install
If you wish to specify the directory where it should be installed, use the
--prefix switch:
$ sudo python3 setup.py install --prefix=/usr/local
usage: fa-proxy [-h] [-l HOST] [-p PORT] [-t TIMES] url msg
Uses HTTP Basic Auth to phish user credentials.
positional arguments:
url the url the user will be redirected to
msg message to be displayed to the user
optional arguments:
-h, --help show this help message and exit
-l HOST, --listen HOST
host the server should listen on
-p PORT, --port PORT port the server should listen on
-t TIMES, --times TIMES
number of times the credential will be asked
After your physical recon, you know the message the proxy displays to the user at the example.com target company.
To phish an user that is behind an authenticated proxy, you can set up a domain called gmai1.com, for example, and send him an e-mail with a link to this server. You may want the user to make two more fake authentication tries besides the one that allowed him to visit your phishing website. To do this, you can use the following example:
# fa-proxy "https://www.gmail.com" "The proxy at example.com needs authentication. Enter your username and password." -p 80 -t 2