2025-10-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com) 05/31 Report--
In this issue, the editor shows how to quickly build a phishing website on top of JXWAF. The article is rich in content and presents the topic from a professional point of view; I hope you get something out of it.
I. Preface
Some time ago, to strengthen internal security awareness, we needed to run a phishing email drill. We quickly set up the phishing website with JXWAF and found that it worked well, so I am sharing the setup here.
II. Rule configuration
Suppose the drill scenario is to obtain employees' internal OA accounts, and the internal OA domain is oa.testing.com. The first step is to register a lookalike domain, for example oa.testlng.com (the letter i replaced with l) at Wanwang, and point it at the IP address of the phishing website.
For convenience, DVWA is used as the OA in this demonstration.
First, let's analyze what distinguishes a successful login from a failed one.
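On the blue-team side of such a drill, the thing to detect is the lookalike domain itself. The following is an added example (mine, not from the article or from JXWAF) that flags hostnames in proxy or DNS logs that resemble the protected OA domain; the protected list, the confusable map and the log lines are constructed assumptions.

```python
import re
# Added example (defender's side of the drill above, not part of JXWAF): flag hostnames
# that look like the protected OA domain. Protected list and log lines are constructed.
PROTECTED = ["oa.testing.com"]
CONFUSABLE = {"l": "i", "1": "i", "0": "o", "rn": "m", "vv": "w"}  # illustrative swaps

def normalize(host: str) -> str:
    """Fold confusable characters so 'testlng' and 'testing' compare equal."""
    h = host.lower()
    for src, dst in CONFUSABLE.items():
        h = h.replace(src, dst)
    return h

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host: str, max_dist: int = 2) -> bool:
    """True if host resembles a protected domain without being that domain."""
    host = host.lower().rstrip(".")
    for good in PROTECTED:
        if host == good:
            return False
        if normalize(host) == normalize(good) or edit_distance(host, good) <= max_dist:
            return True
    return False

LOG_RE = re.compile(r"host=(?P<host>[\w.-]+)")

def flag_hosts(lines) -> list:
    """Distinct lookalike hosts seen in proxy/DNS log lines containing 'host=...'."""
    seen = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and is_lookalike(m.group("host")) and m.group("host") not in seen:
            seen.append(m.group("host"))
    return seen

SAMPLE_LOGS = [  # constructed sample lines, not real traffic
    "ts=1 user=alice host=oa.testing.com path=/login.php",
    "ts=2 user=bob host=oa.testlng.com path=/login.php",
    "ts=3 user=carol host=mail.example.org path=/",
]
```

Running flag_hosts(SAMPLE_LOGS) returns ['oa.testlng.com']; the distance threshold and the confusable map should be tuned to the organisation's own domain names.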
(Figure: response on login failure)
(Figure: response on login success)
As the figures show, the difference between a failed and a successful login lies in the Location header of the response: on failure it points to login.php, on success to index.php. We use this as the distinguishing feature and set up two rules, one that identifies accounts whose login failed and one that identifies accounts whose login succeeded. Of course, you could also set a single rule that records every entered account and password without making this distinction.
With the analysis done, the next step is to deploy JXWAF and configure the rules. For deployment, see https://github.com/jx-sec/jxwaf. The rules are configured as follows:
Log in to JXWAF and create a new rule group named "phishing special rules" under the custom rule groups.
The first rule (not recommended) records the account and password regardless of whether the login succeeds or fails. This is the usual approach of phishing sites: having no user database, they cannot tell the two cases apart. Its configuration is simple and is shown below.
(Figure: the logged result)
The second rule records the credentials only when the username and password fail verification (the rule is given directly, without a screenshot):
{
  "rule_action": "deny",
  "rule_category": "other",
  "rule_update_category": "resp",
  "rule_log": "true",
  "rule_serverity": "high",
  "rule_matchs": [
    {
      "rule_transform": ["none"],
      "rule_vars": [
        {"rule_var": "RESP_HEADERS", "rule_specific": ["Location"]}
      ],
      "rule_operator": "rx",
      "rule_pattern": "login.php$",
      "rule_negated": false
    },
    {
      "rule_transform": ["none"],
      "rule_vars": [
        {"rule_var": "REQUEST_METHOD"}
      ],
      "rule_operator": "rx",
      "rule_pattern": "POST",
      "rule_negated": false
    },
    {
      "rule_transform": ["none"],
      "rule_vars": [
        {"rule_var": "URI"}
      ],
      "rule_operator": "rx",
      "rule_pattern": "login.php$",
      "rule_negated": false
    }
  ],
  "rule_id": "10011",
  "rule_detail": "record user login failed account password"
}
(Figure: the logged result)
The third rule records the credentials only when the username and password are verified successfully (again given directly, without a screenshot):
{
  "rule_action": "deny",
  "rule_category": "other",
  "rule_update_category": "resp",
  "rule_log": "true",
  "rule_serverity": "high",
  "rule_matchs": [
    {
      "rule_transform": ["none"],
      "rule_vars": [
        {"rule_var": "RESP_HEADERS", "rule_specific": ["Location"]}
      ],
      "rule_operator": "rx",
      "rule_pattern": "index.php$",
      "rule_negated": "false"
    },
    {
      "rule_transform": ["none"],
      "rule_vars": [
        {"rule_var": "REQUEST_METHOD"}
      ],
      "rule_operator": "rx",
      "rule_pattern": "POST",
      "rule_negated": "false"
    },
    {
      "rule_transform": ["none"],
      "rule_vars": [
        {"rule_var": "URI"}
      ],
      "rule_operator": "rx",
      "rule_pattern": "login.php$",
      "rule_negated": "false"
    }
  ],
  "rule_id": "10012",
  "rule_detail": "record the password of a user's successful login account"
}
(Figure: the logged result)
That is how to quickly build a phishing website based on JXWAF. If you have a similar need, the analysis above may serve as a reference.