Payload Delivery
Browser delivery
JSdelivery
python3 jsdelivery.py </path/to/file_to_deliver> > out.html
Web Cloning
Wget
wget [-l <recursion_max_depth_level>] -mkEpnp <url>
Web server
Nginx minimal configuration
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    server_name _;
    root /usr/share/nginx/html;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location ~ ^/index.html {
        return 301 https://<domain>/;
    }
    location ~ ^/$ {
        return 301 https://<domain>/;
    }
    location ~ ^/<update>/(.*) {
        return 301 https://$host/<en-us/windows/update.html>;
    }
}
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
service nginx restart
Info: Once this is done, set Cloudflare to Full SSL mode.
Satellite
Danger: Satellite has been tested in a lab only!
Installation
Download the release: https://github.com/t94j0/satellite/releases
dpkg -i <satellite_X.X.X_linux_amd64.deb>
systemctl start satellite
The configuration file is located at /etc/satellite/config.yml:
server_root: /var/www/satellite
listen: :443
index: /index.html
log_level: debug
not_found:
  redirect: <https://google.com>
server_header: <Apache/2.4.1 (Unix)>
geoip_path: /var/lib/satellite/GeoLite2-Country.mmdb
ssl:
  key: /etc/satellite/keys/key.pem
  cert: /etc/satellite/keys/cert.pem
Configuration - full options: https://github.com/t94j0/satellite/wiki/Route-Configuration
File example: /var/www/satellite/phish.html.info
authorized_useragents:
  - "^Mozilla*"
exec:
  script: </my/path/exec.py>
  output: ok
on_failure:
  redirect: <https://google.fr>
File example: exec.py
#!/usr/bin/env python3
import sys
import os

# Read the request from stdin
req = sys.stdin.read()
if '<unique_pattern_in_req>' in req:
    # The printed value must equal the "output" value in the .info file
    print('ok')
    # <do_some_stuff>
Tip: The Python script's output must match the "output" value in the YAML file. Otherwise, the request is treated as a failure!
Log parsing
grep -a "level=info msg=request" /var/log/daemon.log