CybrZone / phishkiller

The Unlicense
92 stars 43 forks

Add support for credit card forms #30

Open AeroSecGeek opened 2 months ago

AeroSecGeek commented 2 months ago

Hi there

Thanks for the already great work you've done until now!

I recently received a lot of phishing mails asking for my credit card details. I already wrote a small Python script to send a bunch of fake credit card data to that URL. As a result, the website was removed within 2 hours.

Perhaps we can extend your phishkiller so the user can select if he wants to send credentials or credit card data.

There are some tools available to generate fake data, for example: https://smalldev.tools/credit-card-generator-online

PanosoikoGr commented 2 months ago

Nice idea, I will start implementing it on #27 after I fix the proxy option.

BRICKRAID commented 2 months ago

A credit card option would be good too, because if the scammer is trying to charge a non-existent credit card they actually pay a fee. If you're flooding them with fees, this is why the sites get removed so quickly.

MattySuDd commented 2 months ago

I can easily implement this in my version using faker. I'll have a look into it, but I'm not sure how the request would look for it, that's all.

https://faker.readthedocs.io/en/master/providers/faker.providers.credit_card.html

AeroSecGeek commented 2 months ago

@MattySuDd most of the requests look more or less the same. One example:

    # card_number, expiry and cvv are variables holding the generated fake values
    data = {
        "captcha": "",
        "step": "cc",
        "datatransTrxId": "fOc93IX31QADM6HsB7VSOa5uKW2S",
        "pmethod": "VIS",
        "expy": "",
        "expm": "",
        "one": card_number,
        "exp": expiry,
        "cvv": cvv,
    }

One option is to modify the data array in the code, another option would be to ask the user via the CLI menu to input the different field names for the data array.

B1GBOOM420 commented 2 months ago

Awesome idea - then phishkiller can become a multi-tool instead of single-use - love it

AeroSecGeek commented 2 months ago

> Awesome idea - then phishkiller can become a multi-tool instead of single-use - love it

The Swiss Army knife against phishing websites :)

As a long-term goal, it would be nice if the user can just provide the malicious URL and phishkiller does an analysis, automatically creates the correct data array and then launches the counterattack.