Is it possible to stop phishing blacklisting?


(Zangi Name) #1

Is there an actual remedy to tackle sever blacklisting while phishing? I have got this phishing page which is office365 for business which is poorly coded, there isnt much antibots on the codes. my phishing link hardly last for an hour. I’m new to this community if anyone can direct me to the right direction to remedy this situation i will be very happy as this is the greatest challenge am facing right now trying to phish out passwords


(Command-Line Ninja) #4

(Command-Line Ninja) #5

(Command-Line Ninja) #6

I have seen that this post has been unlisted. However I have relisted as this could be used in a legitimate, whitehat scenario.

I am going to give you the benefit of the doubt and say you’re using this for legitimate, legal purposes, such as a red team engagement or a pentest.

In my day to day job, an occasional facet of my work is phishing users in campaigns. I totally understand your struggle with being discovered and reported. Multiple, legit pages, of mine have been taken down or blacklisted.

Here’s a few things I use to stop it happening:

  • If you’re straight up cloning, especially with Microsoft, watch out for their sneaky javascript includes. Some of their scripts, if not saved locally and reserved, will generate logs in Microsoft’s servers, and so they’ll nab you that way.
  • If you’re using free domains, such as those obtained from http://www.dot.tk/en/, then they will get found very quickly. Since they’re free, they usually get used for malicious purposes, and so there are bots continuously watching these domains.
  • Use subdomains, if your domain is “microsoft-online-free.myweirddomain.com”, you’ll be less likely to be picked up if your phishing page only responds to that.
  • Use bot-detection techniques, another thing you’ll notice is bots generally have a bot useragent, you can straight up block any user agent that doesn’t match your target, if you know your target uses Chrome on Windows, then only allow that.
  • Geo-block, is your target in a certain country, better yet, a certain area? If so, then block all traffic except from that location, say you’re doing an assessment for a company that is located in Arizona, you can geo-block all IP’s that don’t come from Arizona, easy right?

And if you can’t do any of this. Use evilginx, it does it all for you. https://github.com/kgretzky/evilginx2 Incredibly real, very good at blocking bots.

Hope this helps and provides value to those are who legitimately and legally trying to phish.