ReelPhish

A tool for 2FA and social engineering


Phishing has always been the best medium for attackers to lure victims and steal their critical data, i.e. credentials. It is rated as a dangerous social engineering attack because of the data gained through it.

FireEye has recently released a tool for social engineering and two-factor authentication which simplifies the real-time phishing method.

What is 2 Factor Authentication?

Two-factor authentication (2FA) offers an additional layer of security that makes it a bit more difficult for an attacker to get at the victim's credentials or accounts, since the password alone won't help them. 2FA is always a better option than single-factor authentication. OTPs and push notifications are well-known implementations of two-factor authentication.

The irony, though, is that 2FA is no longer so secure either, because real-time phishing techniques involve real-time interaction between the attacker and the victim.

What is ReelPhish?

FireEye has developed a new tool called ReelPhish which simplifies the phishing method. It has been built to eliminate the risk of social engineering. The tool comprises two components.

How does it actually work?

The primary component is designed to run on the attacker's system. It contains a Python script which listens for data from the attacker's phishing site and drives a locally installed browser using the Selenium framework.

The secondary component is code embedded in the phishing site; it sends the data containing the victim's credentials to the phishing tool running on the attacker's machine. When the tool receives the information, it launches the original website, that is, the legitimate site which the attacker's phishing site imitates, and authenticates to it using the credentials. The communication takes place over an encrypted SSH tunnel.


According to FireEye's researchers, victims can be tracked via the session tokens included in the communication between the phishing site and ReelPhish. While performing the social engineering attack, a copy of the real VPN portal's HTML, JavaScript and CSS is made. The same code is used to build a phishing site which looks like the original one.

You can download the tool from the FireEye GitHub repository.
