bartunek.me

Category: infrastructure

Phishing redirectors

Redirectors are a well-known way to hide C&C servers. We can apply a similar concept to phishing sites: host all pages used in a red team engagement on one server and redirect traffic to it from multiple redirectors using different domains. Some benefits: You can host all your phishing sites on one server and point multiple redirectors with phishing domains to that server. You don’t need to log into each VPS to modify or monitor your phishing site.

Basic Nginx configuration

Often during a penetration test, phishing awareness campaign, or red team engagement, I need to set up a web server to host payloads, phishing websites, etc. This short post is a collection of Nginx configuration directives that I commonly use. Example use cases: redirect HTTP traffic to HTTPS, enable PHP processing, configure a reverse proxy for HTTP(S) or TCP/UDP streams, and add or remove HTTP headers in responses or add them for upstream servers.