KoiPhish is a simple yet beautiful phishing proxy idea. It relays the requests a client makes to KoiPhish on to the actual target, and the target's responses are sent back to the client. On the way in and out, common links are rewritten so that the user experience and functionality are not broken. The benefit of this approach over cloning a website is that it has the same look and feel as the target and automatically adjusts to changes down the road.
The code in this repo shows the basic framework and methodology; it is intentionally not point-and-click.
(ASCII-art KoiPhish banner, printed on startup, followed by the line "KoiPhish started.")
```
              Keep relaying                    Keep relaying
End User  -------------------->  KoiPhish  -------------------->  Actual Login Page
          <--------------------            <--------------------  and MFA Provider
```
This keeps going until the passwords and/or session tokens (after 2FA) are grabbed by KoiPhish.
Most web sites these days support multi-factor authentication. KoiPhish can integrate into the multi-step flow, continuously relaying requests back and forth, and eventually gain access to a user's session token.
For actual pentesting more adjustments need to be made, such as configuring the target. The code is not "point and click".
Leverage security keys and U2F to help mitigate phishing attacks: the authenticator binds its response to the origin the browser actually loaded, so a response produced through a relay does not validate for the real site. Learn more here:
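As an added example (not code from the KoiPhish repo), this is the server-side origin check a relying party performs on WebAuthn `clientDataJSON`, which is what makes security keys resist relay phishing. The relying-party origin, the relay hostname and the challenge bytes are constructed for the demo.

```python
import base64
import json

# Added example, not part of KoiPhish. A browser records the origin it really
# loaded in clientDataJSON and the authenticator signs a hash of it, so a
# relay serving the page from its own host cannot produce an assertion that
# passes this check, even though it forwarded the genuine challenge.

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def check_client_data(client_data_b64: str, expected_challenge: bytes) -> tuple:
    """Return (ok, reason) after the WebAuthn clientDataJSON checks
    (type, challenge, origin). Signature verification would follow."""
    try:
        cd = json.loads(b64url_decode(client_data_b64))
    except ValueError:  # covers bad base64 and bad JSON
        return False, "clientDataJSON is not valid base64url JSON"
    if cd.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge does not match the one issued"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch: " + str(cd.get("origin"))
    return True, "ok"


def make_client_data(origin: str, challenge: bytes) -> str:
    """Constructed clientDataJSON, shaped as a browser would produce it."""
    return b64url_encode(json.dumps({
        "type": "webauthn.get",
        "challenge": b64url_encode(challenge),
        "origin": origin,
    }).encode())


CHALLENGE = b"\x01" * 32  # constructed; real challenges are random


def demo():
    """Direct login passes; the same challenge relayed via another host fails."""
    direct = make_client_data(EXPECTED_ORIGIN, CHALLENGE)
    relayed = make_client_data("https://login.example-relay.invalid", CHALLENGE)
    return check_client_data(direct, CHALLENGE), check_client_data(relayed, CHALLENGE)
```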
Pentesting requires authorization and consent by appropriate stakeholders. Do not do illegal things. You are responsible for your own actions.