Gophish MODs
Modify Gophish to Bypass Detection
Was recently working on a Phishing Engagement. I always modified Gophish manually to evade detection. This time I thought of the principle, "Don't Do Anything Twice: When it Makes Sense to Automate" . Before I started manually typing scripts I searched github.com for gold (basically if someone else tried to do it). I found this amazing docker-compose file which does all of the things which I wanted to do.
So I'm stealing work? Probably yeah !! I dont want docker so I'll probably just extract useful content from the docker-container file and run it on my gophish server πŸ€·β€β™‚οΈ
1
#clone gophish
2
git clone https://github.com/gophish/gophish
3
​
4
#Get a Custom 404 Page
5
wget "https://raw.githubusercontent.com/puzzlepeaches/sneaky_gophish/main/files/404.html" -O "404.html"
6
​
7
#Get a Custom Phish.go
8
wget "https://raw.githubusercontent.com/puzzlepeaches/sneaky_gophish/main/files/phish.go" -O "phish.go"
9
​
10
#copy Custom Phish.go
11
rm gophish/controllers/phish.go
12
mv phish.go gophish/controllers/phish.go
13
​
14
#Copy new 404.html
15
mv 404.html gophish/templates/404.html
16
​
17
cd gophish
18
​
19
sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request_test.go
20
sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog.go
21
sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog_test.go
22
sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request.go
23
​
24
# Stripping X-Gophish-Signature
25
sed -i 's/X-Gophish-Signature/X-Signature/g' webhook/webhook.go
26
​
27
# Changing servername
28
sed -i 's/const ServerName = "gophish"/const ServerName = "IGNORE"/' config/config.go
29
​
30
# Changing rid value
31
read -p 'Custom RID Parameter: ' uservar
32
sed -i 's/const RecipientParameter = "rid"/const RecipientParameter = "'$uservar'"/g' models/campaign.go
33
​
34
​
35
​
36
go build
Copied!

Acknowledgements

​https://twitter.com/sprocket_ed for his amazing sneaky_gophish repository
​Vincent Yiu for his support and guidance always
Last modified 1mo ago
Copy link