Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
Home Page: https://muraena.phishing.click/
License: BSD 3-Clause "New" or "Revised" License
Hi, i have noticed that if the fake domain is b64 encoded on "Referer" header on request to target site it is not replaced by the correct b64 domain so the fake domain is actually being sent in the Referer header if b64 encoded.
2019-05-14 15:13:19 !!!: Error binding Muraena on HTTPS: listen tcp xx.xx.xx.xx:443: bind: cannot assign requested address
When setting Tracker to true on the configuration toml file, the tracker assigns different tracking ID for each request within the same session which distributes the session cookies between multiple keys (some times hundreds).
Can anyone help how to setup that
I'm already to pay if you can
Contact my tg@yoyo8955
Thanks
A realistic use case might be to use muraena on a VPS administrating the domain through cloudflare or another proxy yet it seems impossible to do it at the moment (or perhaps I could have missed it in the documentation).
As cloudflare can manage the HTTPs certificate for us we could just serve the phishing website using http while of course the phishing server need to be connected to the real site through https.
If I disable tls support then all the traffic is established using http which is not helpful. For instance:
2019-06-27 21:04:39 inf: [8TIAJ][<redacted_ip>:57132] - [GET][http://<redacted_ip>(http://lichess.org)/]
This attempt results in the victim being redirected to https://redacted_ip due to the redirect that the original page does.
Long story short: I believe that it is a good improvement to have the ability to choose wether the server connects to the victim website using https or http regardless of the protocol that the phishing server is using.
Can anyone help how to setup this tool
Hi!
I've been struggling to escape the iframe sandbox. It seems that it can't be undone. I believe it also involves windows.location at some level. No matter what I do (rewrite DOM, change values), it does not seem to work. The values can be changed using javascript replace function, but the page won't work afterwards. So the iframe must be manipulated before loading.
This is the code that's killing me:
<iframe src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=XXX&co=XXX&hl=en&v=v1560753160450&size=normal&cb=ly6d3pq1fuk4" width="304" height="78" role="presentation" name="a-gj16nmeghwr" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe>
Does anybody know a workaround? Maybe some tips? I would really appreciate it.
Great job, the proxy work like a charm but no username or password in CLI.
Also I got this :
help
this should be helpful: .
commands█invalid command, enter help for assistance
Thank you
I use the default config.toml can not run properly, please help
`[root@C20220114153649 muraena]# ./muraena666 -config ./config/config.toml
___ ____
/' --;^/ ,-_\ \ | /
/ / --o\ o-\ \\ --(_)--
/-/-/|o|-|\-\\|\\ / | \
' |-| /'-.-
|-| | \
|-|O | \
|-(\,__ | \
...|-|\--,\_|........\.--[ Muraena v0.1.4 (built for linux amd64 with go1.16.12) ]
,;;;;;;;;;;;;;;;;;;;;;;;;,. by @antisnatchor & @ohpe
~~,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;, ______ --------- _____ ------
Error unmarshalling JSON configuration file ./config/config.toml: invalid character 'p' looking for beginning of value
[root@C20220114153649 muraena]#
`
Hey there,
I've been playing around with the existing setup and got things to run nicely. One thing I'm not sure about (particularly when contrasting with EvilGinx2), is the use of multiple configs/phishlets on a single binding.
Is it possible to have Muraena bind on 80/443 and configured to handle multiple domains at the same time?
Allow to customize listening IP address and port
hello, this is a question and not a issue.
i will like to know if there is a way to bypass web app with httpOnly cookie set to true.
thanks
Hello , who got this error while testing google
Who got this error while testing google
You are trying to sign in from a browser or app that doesn't allow us to keep your account secure.
Try using a different browser.
Thanks!
By default If-Range and X-If-Landing-Redirect are used to track new victims.
Make it possible to customize these headers in the config file.
Headers defined in the transform.response.headers configuration are not properly translated and phishing domain is leaked.
Google recently made changes preventing "insecure browsers" from authenticating, where it no longer will even prompt for a 2FA code when it identified the traffic is being proxied. I'd like to test our o365 environment to see how effective this would be, however having severe difficulties creating the o365 template from scratch. Is adding an o365 template something that can be shared/done if available, or would you be able to point me in the right direction in generating one? # #
After running ./muraena -config config.toml
Error unmarshalling TOML configuration file config.toml: (25
, 40): parsing error: no value can start with H
My config:
[proxy]
# Phishing domain
phishing = "mydomain.net"
# Target domain to proxy
destination = "Victim.fi"
# Listening IP address (IPv4 or IPv6)
# e.g. 0.0.0.0 or [::]
IP = "82.0.0.0.0"
# Listen announces on the local network address.
# The network must be "tcp", "tcp4", "tcp6"
listener = "tcp4"
# Listeninng TCP Port
port = 443
#
# Simple port forwarding used when the phishing site listen on a port different from target domain, such as:
# - test.muraena:8443
# - victim.site: 443
#
# port mapping can be configured as follow: ListeningPort:TargetPort
#portmapping = "443:31337"
# Force HTTP to HTTPS redirection
[proxy.HTTPtoHTTPS]
enabled = true
HTTPport = 80
#
# Proxy's replacement rules
#
[transform]
# List of content types to exclude from the transformation process
skipContentType = [ "font/*", "image/*" ]
# Enable transformation rules in base64 strings
[transform.base64]
enabled = false
padding = [ "=", "." ]
[transform.request]
headers = [
"Cookie",
"Referer",
"Origin",
"X-Forwarded-For"
]
[transform.response]
headers = [
"Location",
"WWW-Authenticate",
"Origin",
"Set-Cookie",
"Access-Control-Allow-Origin"
]
# Generic replacement rules:
# it applies to body and any http header enabled for manipulation
content = [
[ "this is blue", "this is green" ]
]
#
# Proxy's wiping rules
#
[remove]
[remove.request]
headers = [
"X-Forwarded-For",
#"User-Agent"
]
[remove.response]
headers = [
"Content-Security-Policy",
"Content-Security-Policy-Report-Only",
"Strict-Transport-Security",
"X-XSS-Protection",
"X-Content-Type-Options",
"X-Frame-Options",
"Referrer-Policy",
"X-Forwarded-For"
]
#
# Proxy's crafting rules
#
[craft]
[craft.add]
[craft.add.request]
[[craft.add.request.headers]]
#name = "User-Agent"
#value = "Ninja Agent"
[craft.add.response]
[[craft.add.response.headers]]
#
# Rudimental redirection rules
#
[[drop]]
path = "/logout"
redirectTo = "https://victim.site"
[[drop]]
path = "/signout"
redirectTo = "https://victim.site"
#
# LOG
#
[log]
enabled = true
filePath = "muraena.log"
#
# DB (redis)
#
[redis]
host = "127.0.0.1"
port = 6379
password = ""
#
# TLS
#
[tls]
enabled = true
# Expand allows to replace the content of the certificate/key/root parameters to their content instead of the
# filepath
expand = false
certificate = "-----BEGIN CERTIFICATE-----\nMIIFQjCCBCqgAwIBAgISAyVaNf0i9sf5jfc7D8TTNBSrMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTEwMTkxOTMyMzJaFw0yMjAxMTcxOTMyMzFaMCkxJzAlBgNVBAMM\nHioudmVyby1maS1oZW5raWxvYXNpYWtrYWF0Lm5ldDCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBANH4twGqxgolPYULUslkCz1Mg3Vo2GNyOJbvzeINlwm0\nfWONXfxue0l0h5LaSS8w2zTlbWXNXVz7A9QXdAIVEhORPkbaiiJv0owmmhkzSJxE\nxnxBCWCU6iY2irx1vy3qKWhiFRk661i1Eu4qq9vrET7E7Jnu6C7RSivJ4FBFj5Gu\nZGO9HCpyLeCmR2rgniWrPO2F7VHvooqvV8vrpGt8kxNyYDGk9jdOlXcS4HuuWiP2\npMB+XItdq9V1fh42toJt4koEuc4Co0I0xpL+uReIxHrnGbEZzPLDibkQtGQq6f7N\nmGVKbLqHcwRLCu624TD39QtskaMPRDyiF3mTIHXD9O8CAwEAAaOCAlkwggJVMA4G\nA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD\nVR0TAQH/BAIwADAdBgNVHQ4EFgQUB4nrVQwktBudvxS3dd6JIQOkXLswHwYDVR0j\nBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG\nAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6\nLy9yMy5pLmxlbmNyLm9yZy8wKQYDVR0RBCIwIIIeKi52ZXJvLWZpLWhlbmtpbG9h\nc2lha2thYXQubmV0MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEB\nMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYK\nKwYBBAHWeQIEAgSB9QSB8gDwAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jw\nkGKWBvYAAAF8mkFxEQAABAMARzBFAiBr+uL2JiEUsNBqejpIDUR7Rg7Bq1S6oQax\nfbp+zlffVQIhAM9gso2HIyzUHaj8MxZWjSvByUHau0AsGcopodBE5dxCAHYARqVV\n63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF8mkFxNQAABAMARzBFAiA3\n8YmpV829gfWHZZCRye8c6DEOL+vg4cr/Ks2RE8uaEQIhANAqsy3cAwPBzTmx7jwg\nNEoSSYrJQah3Mmx3lY8oMlqCMA0GCSqGSIb3DQEBCwUAA4IBAQAvw8hKCdgSjNTo\nQWqOAhxvcKft0ZZQlPX/HaSpOZX5r4KaKIAQWPcA0aodYJ0EFx9L/5/E6Vr6z6r/\nZvM5lKzJ5HfHVffJ/Ym+usCQTKomK99eixaqnjXpZptfqOYTXsnXHvxHPrf7wvgy\nP45iISxSDQ+siIA1cyhFOW35lRIfc3xqeM9t4nhgsVr8kcUo6gw0otAQ2KCzyvkJ\nDN7PmfSGjQZehmJREDevTOfpB3Jd5OSGMhkPC0rlPS1ei3vAjLQ1c7fCSH1AYthx\newN2G7Xfm7LqUqFuZxBzFXMioTFga2bz2EinLbr0kwpAsQWvmuUswljsth3IkY1+\nxU83z0iv\n-----END CERTIFICATE-----\n
"
key = "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDR+LcBqsYKJT2F\nC1LJZAs9TIN1aNhjcjiW783iDZcJtH1jjV38bntJdIeS2kkvMNs05W1lzV1c+wPU\nF3QCFRITkT5G2ooib9KMJpoZM0icRMZ8QQlglOomNoq8db8t6iloYhUZOutYtRLu\nKqvb6xE+xOyZ7ugu0UoryeBQRY+RrmRjvRwqci3gpkdq4J4lqzzthe1R76KKr1fL\n66RrfJMTcmAxpPY3TpV3EuB7rloj9qTAflyLXavVdX4eNraCbeJKBLnOAqNCNMaS\n/rkXiMR65xmxGczyw4m5ELRkKun+zZhlSmy6h3MESwrutuEw9/ULbJGjD0Q8ohd5\nkyB1w/TvAgMBAAECggEADXwsvLWsDGDB57aHdZmwQxqT4sl+BD0Et2TlUxxOU/g8\niVU98QVjc59BScQtKRO5MFd/xCcBVQRmBYwQDkYuKAWO+1vzvSxzWD7ubKnngunD\n2Z0Prh1CQHwGQv5I7fj4+dQ6yKkJDmRqt9MTwIcDT4W0MFqwnLkiS1emyWD+THvJ\n/ACX8hA3eArA9/vUwRHjgAyPwzd2LL44Yen5uQrk9p+whCMess0/eEAM0Agzayam\nLu5oxVtnYTbXHN6B5kdIXtqglbYtcig2poXhjjvaJ/AY/judG5Hs31sb2B7tlgeY\nuBaSPXGI6zil0fnkNvkOQ0AcIRxOm5QunR55qODroQKBgQDrn9PCyDVEcqjaSn2o\n6esXJ79VNNGJmqDo3RtFwLR5+SL3f1js/xos/8ypet8guAlPgLOeYIKbC5ouJD/7\nPXpbH3lfDHXfFtkdw+QrCrN7sHuY22BNFsKHbfCClQenDG5JrPO0VOxUPUPb5DRO\nTpfob0h3+1bCji0WWoKu28AwMQKBgQDkIP6za9aEFZoabKtptrGTj2WnwizK4/1V\nrv1mc4SGPzCAu1Ig0sG985AcHWUfjQKZsxMUD/Y1ThIISO8U/rDT2r73Owak4vCQ\nQL9wTRjlDikHafjLY6KWEu1lX0zCjdKFDaeIaEu5tL86jy4ztL4BR0WHfIKyOXK+\nBCzsA89PHwKBgAsJm6PeORCRxnMjViuZeZfGFuJo7P/jLHJ8GRD1a/7ius6ZOpMv\niAxflzjBNr6ToGwG/WMH5lZY/sn2jMC6KocmPEtFjCf9LAKG8KNLhwjeRYvtit9R\nl588eS3EyWz72ha9cVUbPU7c59bfI8wfRmJvBBgKwA+xFU+cwc5rIN+hAoGAEZtC\nTRKrkbIhHJz6dcQ13E+a5uGjl10VNkG1KO0Nc1b5JVZPtlzNux1LKABUx6SYaMhb\nVpcMx3xpA96tJQ+rEg614lrZ3mvtaRS2MbKhkzwOipXxL7FW4QJA9Cvwvqs3bjFp\nlquF/KUohRp71F3EtFCN2zEO3TZ11ph35xc8Lr0CgYAhJjLKkHJZmq1olbXevVal\nKB75o7GZyoD5nwttFEBLlPZjPoM4ccgMKS0rQVYEydb8wpURac4ec9VcmIzXJb+S\nxZWXQAmnVNbUFuovz016coUL+a26jKVEtJMrXX3QdLT51hFhdUINhBnQNuKNQYD7\nqFjPW53Za64wxIa001Vlyg==\n-----END PRIVATE KEY-----\n
"
root = "-----BEGIN CERTIFICATE-----\nMIIFQjCCBCqgAwIBAgISAyVaNf0i9sf5jfc7D8TTNBSrMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTEwMTkxOTMyMzJaFw0yMjAxMTcxOTMyMzFaMCkxJzAlBgNVBAMM\nHioudmVyby1maS1oZW5raWxvYXNpYWtrYWF0Lm5ldDCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBANH4twGqxgolPYULUslkCz1Mg3Vo2GNyOJbvzeINlwm0\nfWONXfxue0l0h5LaSS8w2zTlbWXNXVz7A9QXdAIVEhORPkbaiiJv0owmmhkzSJxE\nxnxBCWCU6iY2irx1vy3qKWhiFRk661i1Eu4qq9vrET7E7Jnu6C7RSivJ4FBFj5Gu\nZGO9HCpyLeCmR2rgniWrPO2F7VHvooqvV8vrpGt8kxNyYDGk9jdOlXcS4HuuWiP2\npMB+XItdq9V1fh42toJt4koEuc4Co0I0xpL+uReIxHrnGbEZzPLDibkQtGQq6f7N\nmGVKbLqHcwRLCu624TD39QtskaMPRDyiF3mTIHXD9O8CAwEAAaOCAlkwggJVMA4G\nA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD\nVR0TAQH/BAIwADAdBgNVHQ4EFgQUB4nrVQwktBudvxS3dd6JIQOkXLswHwYDVR0j\nBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG\nAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6\nLy9yMy5pLmxlbmNyLm9yZy8wKQYDVR0RBCIwIIIeKi52ZXJvLWZpLWhlbmtpbG9h\nc2lha2thYXQubmV0MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEB\nMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYK\nKwYBBAHWeQIEAgSB9QSB8gDwAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jw\nkGKWBvYAAAF8mkFxEQAABAMARzBFAiBr+uL2JiEUsNBqejpIDUR7Rg7Bq1S6oQax\nfbp+zlffVQIhAM9gso2HIyzUHaj8MxZWjSvByUHau0AsGcopodBE5dxCAHYARqVV\n63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF8mkFxNQAABAMARzBFAiA3\n8YmpV829gfWHZZCRye8c6DEOL+vg4cr/Ks2RE8uaEQIhANAqsy3cAwPBzTmx7jwg\nNEoSSYrJQah3Mmx3lY8oMlqCMA0GCSqGSIb3DQEBCwUAA4IBAQAvw8hKCdgSjNTo\nQWqOAhxvcKft0ZZQlPX/HaSpOZX5r4KaKIAQWPcA0aodYJ0EFx9L/5/E6Vr6z6r/\nZvM5lKzJ5HfHVffJ/Ym+usCQTKomK99eixaqnjXpZptfqOYTXsnXHvxHPrf7wvgy\nP45iISxSDQ+siIA1cyhFOW35lRIfc3xqeM9t4nhgsVr8kcUo6gw0otAQ2KCzyvkJ\nDN7PmfSGjQZehmJREDevTOfpB3Jd5OSGMhkPC0rlPS1ei3vAjLQ1c7fCSH1AYthx\newN2G7Xfm7LqUqFuZxBzFXMioTFga2bz2EinLbr0kwpAsQWvmuUswljsth3IkY1+\nxU83z0iv\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----\n
"
#
# Danger zone, be careful editing these settings
#
# Minimum supported TLS version: SSL3.0, TLS1.0, TLS1.1, TLS1.2, TLS1.3
minVersion = "TLS1.2"
preferServerCipherSuites = true
sessionTicketsDisabled = true
# InsecureSkipVerify controls whether muraena verifies the server's
# certificate chain and host name.
insecureSkipVerify = false
# RenegotiationSupport
# Note: renegotiation is not defined in TLS 1.3.
# Options:
# - Never (default):disables renegotiation
# - Once: allows a remote server to request renegotiation once per connection.
# - Freely: allows a remote server to repeatedly request renegotiation.
renegotiationSupport = "Never"
#
# CRAWLER
#
[crawler]
enabled = false
depth = 3
upto = 20
externalOriginPrefix = "www-"
externalOrigins = [
"*.anotherdomain.site",
"example.dev"
]
#
# NECROBROWSER
#
[necrobrowser]
enabled = false
endpoint = "http://necrobrowser.url/xyz"
profile = "./config/instrument.necro"
[necrobrowser.keepalive]
# GET on an authenticated endpoint to keep the session alive
# every keepalive request is processed as its own necrotask
enabled = false
minutes = 5 # keeps alive the session every 5 minutes
[necrobrowser.trigger]
type = "cookies"
values = ["user_session", "dotcom_user"] # values can be cookies names or relative paths
delay = 5 # check every 5 seconds victim's cookie jar to see if we need to instrument something
#
# STATIC SERVER
#
[staticServer]
enabled = false
port = 8080
localPath = "./static/"
urlPath = "/evilpath/"
#
# WATCHDOG
#
[watchdog]
enabled = true
# Monitor rules file changes and reload
dynamic = true
rules = "./config/watchdog.rules"
geoDB = "./config/geoDB.mmdb"
#
# TRACKING
#
[tracking]
enabled = false
# Tracking types can be Path || Query (default)
#
# query:
# ?identifier=trackingID
#
# path:
# /trackingID
#
type = "query"
# Tracking identifier
identifier = "_gat"
# Rule to generate and validate a tracking identifier
regex = "[a-zA-Z0-9]{5}"
# Tracking initial HTTP Header (empty is: If-Range)
header = "X-Whatveryouwant-Header"
# Landing HTTP Header (empty is: X-If-Landing-Redirect)
landing = "X-Whatveryouwant-Landing-Header"
# Set speific victim's IP address
# ipSource = ""
# Set tracking cookie for a custom domain
# domain = ""
[tracking.urls]
credentials = [ "/session" ]
authSession = [ "/settings/profile" ]
[[tracking.patterns]]
label = "Username"
matching = "login"
start = "login="
end = "&password="
[[tracking.patterns]]
label = "Password"
matching = "password"
start = "password="
end = "&"
Hello,
I have successfully setup and got gmail session but the problem is it is not loading any email.
It is showing me the list of email in each folder but not loading any email.
Please suggest.
Thanks
hi there team muraena i am trying to understand the code behind whats the role of crawler in code i see you also used this in config file [crawler]
externalOriginPrefix = "www-"
externalOrigins = [
"*.anotherdomain.site",
"example.dev"
]
what does it actually do any response would be highly appreciated from a student point of view thanks in advance also if you can update wiki for config file parameter that would be great :-)
I'm getting this error in linux at first connection by client : Why?
http: panic serving #MYCLIENTIP:PORT#: runtime error: invalid memory address or nil pointer dereference goroutine 52 [running]: net/http.(*conn).serve.func1(0xc00035c0a0) /usr/local/go/src/net/http/server.go:1769 +0x139 panic(0x9fc460, 0x10e51e0) /usr/local/go/src/runtime/panic.go:522 +0x1b5 github.com/muraenateam/muraena/module/tracking.(*Tracker).TrackRequest(0xc000074a20, 0xc0000fcf00, 0x853eb5d707b21cc6) /go/src/github.com/muraenateam/muraena/module/tracking/tracking.go:270 +0x2ca github.com/muraenateam/muraena/proxy.(*MuraenaProxy).RequestProcessor(0xc0000a8550, 0xc0000fcf00, 0x0, 0x0) /go/src/github.com/muraenateam/muraena/proxy/handler.go:126 +0xa7 github.com/muraenateam/muraena/proxy.(*MuraenaProxyInit).Spawn.func1(0xc0000fcf00) /go/src/github.com/muraenateam/muraena/proxy/handler.go:385 +0x4a github.com/muraenateam/muraena/proxy.(*ReverseProxy).ServeHTTP(0xc0000a8500, 0xb92a20, 0xc000120380, 0xc0000fcc00) /go/src/github.com/muraenateam/muraena/proxy/reverseproxy.go:200 +0x1dd github.com/muraenateam/muraena/proxy.(*SessionType).HandleFood(0xc0002efc48, 0xb92a20, 0xc000120380, 0xc0000fcc00) /go/src/github.com/muraenateam/muraena/proxy/handler.go:495 +0x4d5 main.main.func1(0xb92a20, 0xc000120380, 0xc0000fcc00) /go/src/github.com/muraenateam/muraena/main.go:101 +0x63 net/http.HandlerFunc.ServeHTTP(0xc00000eb20, 0xb92a20, 0xc000120380, 0xc0000fcc00) /usr/local/go/src/net/http/server.go:1995 +0x44 net/http.(*ServeMux).ServeHTTP(0x1111860, 0xb92a20, 0xc000120380, 0xc0000fcc00) /usr/local/go/src/net/http/server.go:2375 +0x1d6 net/http.serverHandler.ServeHTTP(0xc0000fc400, 0xb92a20, 0xc000120380, 0xc0000fcc00) /usr/local/go/src/net/http/server.go:2774 +0xa8 net/http.(*conn).serve(0xc00035c0a0, 0xb94160, 0xc00029a480) /usr/local/go/src/net/http/server.go:1878 +0x851 created by net/http.(*Server).Serve /usr/local/go/src/net/http/server.go:2884 +0x2f4;
2021-10-09 12:08:28 !!!: redis dial tcp 127.0.0.1:6379: connectex: No connection could be made because the target machine actively refused it.
As mentioned here: #11 (comment), sometimes you want to listen on a specific port but want to forward traffic to another port, such as 8443 > 443.
google config is able to handle SMS 2fa beautifully however not mobile push notifications sent when new logins are detected. Google sends mobile prompts to android devices(not sure about ios) when detecting a new login, however when i tap the device screen to verify the login the screen just hangs. There is a workaround because I can tap "try another way" to receive an SMS message but it still raises suspicion.
what is next ?
mydomain.com do not open in browser ...
what im missing ?
root@server:~/go/src/github.com/muraenateam/muraena# ./muraena -config config/google.com.json
___ ____
/' --;^/ ,-_\ \ | /
/ / --o\ o-\ \\ --(_)--
/-/-/|o|-|\-\\|\\ / | \
'` ` |-| `` /'-.-
|-| | \
|-|O | \
|-(\,__ | \
...|-|\--,\_|........\.%%s.%%s.%%s--[ MURAENA ]--%%s%%.%%s%%.%%s%%
,;;;;;;;;;;;;;;;;;;;;;;;;,. by @antisnatchor & @ohpe
~~,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;, ______ --------- _____ ------
muraena v0.1 (built for linux amd64 with go1.12.4)
2019-05-14 22:04:28 imp: [tracker] loaded successfully
2019-05-14 22:04:28 inf: Proxy destination: *.google.com
2019-05-14 22:04:28 inf: Including [github.com]=www-1
2019-05-14 22:04:28 inf: Including [gsuite.google.ca]=www-2
2019-05-14 22:04:28 inf: Including [gsuite.google.co.id]=www-3
2019-05-14 22:04:28 inf: Including [gsuite.google.co.il]=www-4
2019-05-14 22:04:28 inf: Including [gsuite.google.co.in]=www-5
2019-05-14 22:04:28 inf: Including [gsuite.google.co.jp]=www-6
2019-05-14 22:04:28 inf: Including [gsuite.google.co.kr]=www-7
2019-05-14 22:04:28 inf: Including [gsuite.google.co.nz]=www-8
2019-05-14 22:04:28 inf: Including [gsuite.google.co.th]=www-9
2019-05-14 22:04:28 inf: Including [gsuite.google.co.uk]=www-10
2019-05-14 22:04:28 inf: Including [gsuite.google.com.au]=www-11
2019-05-14 22:04:28 inf: Including [gsuite.google.com.br]=www-12
2019-05-14 22:04:28 inf: Including [gsuite.google.com.eg]=www-13
2019-05-14 22:04:28 inf: Including [gsuite.google.com.hk]=www-14
2019-05-14 22:04:28 inf: Including [gsuite.google.com.mx]=www-15
2019-05-14 22:04:28 inf: Including [gsuite.google.com.my]=www-16
2019-05-14 22:04:28 inf: Including [gsuite.google.com.ph]=www-17
2019-05-14 22:04:28 inf: Including [gsuite.google.com.sg]=www-18
2019-05-14 22:04:28 inf: Including [gsuite.google.com.tr]=www-19
2019-05-14 22:04:28 inf: Including [gsuite.google.com.tw]=www-20
2019-05-14 22:04:28 inf: Including [gsuite.google.com.ua]=www-21
2019-05-14 22:04:28 inf: Including [gsuite.google.com.vn]=www-22
2019-05-14 22:04:28 inf: Including [gsuite.google.cz]=www-23
2019-05-14 22:04:28 inf: Including [gsuite.google.dk]=www-24
2019-05-14 22:04:28 inf: Including [gsuite.google.es]=www-25
2019-05-14 22:04:28 inf: Including [gsuite.google.fi]=www-26
2019-05-14 22:04:28 inf: Including [gsuite.google.fr]=www-27
2019-05-14 22:04:28 inf: Including [gsuite.google.hu]=www-28
2019-05-14 22:04:28 inf: Including [gsuite.google.ie]=www-29
2019-05-14 22:04:28 inf: Including [gsuite.google.nl]=www-30
2019-05-14 22:04:28 inf: Including [gsuite.google.no]=www-31
2019-05-14 22:04:28 inf: Including [gsuite.google.pl]=www-32
2019-05-14 22:04:28 inf: Including [gsuite.google.pt]=www-33
2019-05-14 22:04:28 inf: Including [gsuite.google.ru]=www-34
2019-05-14 22:04:28 inf: Including [gsuite.google.se]=www-35
2019-05-14 22:04:28 inf: Including [accounts.google.pl]=www-36
2019-05-14 22:04:28 inf: Including [www.googletagmanager.com]=www-37
2019-05-14 22:04:28 inf: Including [www.googletraveladservices.com]=www-38
2019-05-14 22:04:28 inf: Including [www.blog.google]=www-39
2019-05-14 22:04:28 inf: Including [www.blogger.com]=www-40
2019-05-14 22:04:28 inf: Including [www.linkedin.com]=www-41
2019-05-14 22:04:28 inf: Including [chrome-devtools-frontend.appspot.com]=www-42
2019-05-14 22:04:28 inf: Including [www.googleadservices.com]=www-43
2019-05-14 22:04:28 inf: Wild Including [googleblog.com]=www-wld1
2019-05-14 22:04:28 inf: Wild Including [g.doubleclick.net]=www-wld2
2019-05-14 22:04:28 inf: Wild Including [gstatic.com]=www-wld3
2019-05-14 22:04:28 inf: Wild Including [google.dk]=www-wld4
2019-05-14 22:04:28 inf: Wild Including [google.it]=www-wld5
2019-05-14 22:04:28 inf: Wild Including [googleusercontent.com]=www-wld6
2019-05-14 22:04:28 inf: Wild Including [googleapis.com]=www-wld7
2019-05-14 22:04:28 inf: Wild Including [google-analytics.com]=www-wld8
2019-05-14 22:04:28 inf: Wild Including [youtube.com]=www-wld9
2019-05-14 22:04:28 inf: Wild Including [sandbox.google.com]=www-wld10
2019-05-14 22:04:28 inf: Wild Including [clients6.google.com]=www-wld11
2019-05-14 22:04:28 inf: Processed 43 domains to transform, 11 are wildcards
2019-05-14 22:04:28 inf: Muraena Reverse Proxy waiting for food on HTTPS...
[ mydomain.com ] ==> [ google.com ]
sessions
help
this should be helpful: .
h
this should be helpful: .
sessions
█
I'm sure I'me just missing a step but the credentials are not getting passed to the NecroBrowser. I made sure to change the start token for my google config, and it is running on the same machine. I looked at my Google config and I was wondering, does it have to be gsuite profile?
"necrobrowser": { "enabled": true, "endpoint": "http://127.0.0.1:8080", "token": "ada9f7b8-6e6c-4884-b2a3-ea757c1eb617", "profile": "gsuite", "keywords": null
edit:
I tried a gsuite account, and it still did not work.
I don't have to make a firewall rule do I?
Wouldn't it be possible to cache non usefull requests so making it faster?
For instance, allowing only non-static requests to pass through the proxy and the other being cached to the client
in general how does this work and how do i serve custom pages
i want to test the reverse proxy on a website i've installed on a subdomain for eg. abc.123.com.
When i run the proxy, it handles the domain like "#.123.com" whereas it should handle the domain like "#.abc.123.com".
I am wondering how is that possible to make it work for the subdomain?
Any help would be appreaciated.
Hi!
I need to replace the content of a response header (a batch of set-cookie). In the config file I saw that replacements with regex can be done in the body but I don't see how to do the same at header level. Is there a way to match-and-replace header values?
They show up at the terminal, but I can't find them anywhere else
Allow to redirect victims landing on HTTP to HTTPs
maybe someone can fork/enhance this to make it a SSO-Portal with 2FA support.
the idea is to have a portal with one login (username+password+2FA) and so every website with the same logon-credentials gets logged-in automatically.
Solved
I want to first apologize for any grammatical errors i might make. I'm having this issues that i have been stuck on for a while now, (i am new to golang) when i used the make build command the build went to # cd $GOPATH/bin, i had to copy it to # cd $GOPATH/src/github.com/muraenateam/muraena. now i ran the # sudo ./muraena command and it gave me this.
NB: everything went fine until i ran the sudo ./muraena command
___ ____
/' --;^/ ,-_\ \ | /
/ / --o\ o-\ \\ --(_)--
/-/-/|o|-|\-\\|\\ / | \
' |-| /'-.-
|-| | \
|-|O | \
|-(\,__ | \
...|-|\--,\_|........\.--[ Muraena v1.3 (built for linux amd64 with go1.15.9) ]
,;;;;;;;;;;;;;;;;;;;;;;;;,. by @antisnatchor & @ohpe
~~,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;, ______ --------- _____ ------
Error reading configuration file : open : no such file or directory
make build
proxy/transformer.go:124:16: undefined: strings.ReplaceAll
make: *** [Makefile:9: build] Error 2
Gmail doesnt work.. Any solutions?
Not sure how to do this, but the credentials and cookies should save across server runs.
Hello, I am trying to create a new template for collecting creds for Outlook (ie. live.com) I feel like I am very close to a solution, but seem to be stuck. I believe I have the correct search for the username and password, but I think I need some way to find the proper settings for the "crawler" configurations, what is the best way to find these setting?:
"crawler": {
"enabled": true,
"depth": 2,
"upto": 20,
"externalOriginPrefix": "www-",
"externalOrigins": []
},
I have upload the HAR file from which I am pulling most of information, I have also uploaded what I have so far.
public_view_outlook_Archive 19-06-20 08-13-18.txt
public_view_muraena_outlook_live.com.txt
i get this error:
2019-05-17 12:03:12 !!!: Error binding Muraena on HTTPS: tls: failed to find any PEM data in certificate input
i use acme.sh to generate certs
it give me:
Your cert is in /root/.acme.sh/example.com/example.com.cer
Your cert key is in /root/.acme.sh/example.com/example.com.key
The intermediate CA cert is in /root/.acme.sh/example.com/ca.cer
And the full chain certs is there: /root/.acme.sh/example.com/fullchain.cer
so i did:
root@server:/go/src/github.com/muraenateam/muraena/config# cp /root/.acme.sh/example.com/example.com.cer phishing-cert.pem/go/src/github.com/muraenateam/muraena/config# cp /root/.acme.sh/example.com/example.com.key phishing-key.pem
root@server:
root@server:~/go/src/github.com/muraenateam/muraena/config# cp /root/.acme.sh/example.com/ca.cer phishing-rootCA.pem
i run :
./muraena -config config/config.json
i get this:
root@server:~/go/src/github.com/muraenateam/muraena# ./muraena -config config/config.json
___ ____
/' --;^/ ,-_\ \ | /
/ / --o\ o-\ \\ --(_)--
/-/-/|o|-|\-\\|\\ / | \
' |-| /'-.-
|-| | \
|-|O | \
|-(\,__ | \
...|-|\--,\_|........\.--[ Muraena v0.1.2 (built for linux amd64 with go1.12.4) ]
,;;;;;;;;;;;;;;;;;;;;;;;;,. by @antisnatchor & @ohpe
~~,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;, ______ --------- _____ ------
2019-05-17 12:03:11 inf: [crawler] Starting exploration of proxiedwebsite.com (crawlDepth:2 crawlMaxReq: 20), just a few seconds...
█
2019-05-17 12:03:12 inf: [crawler] Domain crawling stats:
┌──────────────────┬─────┐
│ Domains │ # │
├──────────────────┼─────┤
│ External domains │ 0 │
│ Subdomains │ 0 │
│ ---------------- │ --- │
│ Unique domains │ 0 │
└──────────────────┴─────┘
2019-05-17 12:03:12 imp: [tracker] loaded successfully
2019-05-17 12:03:12 inf: Proxy destination: *.proxiedwebsite.com
2019-05-17 12:03:12 inf: Processed 0 domains to transform, 0 are wildcards
2019-05-17 12:03:12 inf: Muraena Reverse Proxy waiting for food on HTTPS...
[ example.com ] ==> [ proxiedwebsite.com ]
2019-05-17 12:03:12 !!!: Error binding Muraena on HTTPS: tls: failed to find any PEM data in certificate input
root@server:~/go/src/github.com/muraenateam/muraena#
I've been learning and trying to use this tool for weeks, works good tho but not too good with google, each time i proxy through google and try to login, it doesn't let me, what happens is that after putting the email address of my test account, when i click next, the next button doesn't work, please i need assistance @ohpe @antisnatchor @almogmoyal
Hello guys,
First of all, congratulations on your project! It's really cool. I've watched your presentation.
However, I have an issue. Can't get this done right. Due to lack of documentation, I have to ask here.
It seems that there is no substitution for the domain in the recaptcha url on my side. I'm not sure why and I'll need some hints.
The changes I made to the config are minimal.
Here is my config. I would like to understand why the substitution does not happen.
As you can see, the value of the co variable from the url is pointing at my domain.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.