Malicious Phishing Domain  - A8s5l1511226292 - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate

Phishing is one of the most common problems for Internet Users, find a new innovative method to create believable URL’s to trick users. According to research, more than 15% accounts hijacked by using these social engineering methods.

With Recent Google research, they found 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums.

In this Kali Linux Tutorial, we are to introduce phishing_catcher that catches Phishing domain SSL using Live stream.

Also Read: DEFCON -2017 Hackers Presentation Complete PDF Lists with Advance Hacking Techniques

How it works

CertStream is an intelligence feed that provides you real-time data feed that fetched from the Certificate Transparency Log network aims at increasing safety with TLS certificates. Most importantly CT was put in the place to defend mis-issuance.

It allows you to use it as a building block to make tools that react to new certificates being issued in real time.

To install Phishing catcher use the following command

git clone https://github.com/x0rz/phishing_catcher.git

- Screenshot from 2017 11 19 01 09 24 copy - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate

Then you need to install the following the following python packages installed: certstream, tqdm, entropy, termcolor, tld, python_Levenshtein.

pip install -r requirements.txt

- Screenshot from 2017 11 19 01 14 10 copy - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate

Then to execute run the following command.

python catch_phishing.py

- Screenshot from 2017 11 19 01 15 43 copy - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate- Screenshot from 2017 11 19 01 15 51 copy - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate- Screenshot from 2017 11 19 01 40 59 copy - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate- Screenshot from 2017 11 19 01 41 06 copy - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate- Screenshot from 2017 11 19 01 41 26 copy - Real Time Intelligence to Catch Malicious Phishing Domain SSL Certificate

In the list, we can see how it can exfiltrate the data based on the suspicious score.

Author: x0rz

Advantages

Early detection of misissued certificates, malicious certificates, and rogue CAs.
Faster mitigation of suspect certificates or CAs is detected.
Better oversight of the entire TLS/SSL system.



Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here