Phishing is one of the most common problems for Internet Users, hackers find a new innovative method to create believable URL’s to trick users. According to Google research, more than 15% accounts hijacked by using these social engineering methods.
With Recent Google research, they found 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums.
In this Kali Linux Tutorial, we are to introduce phishing_catcher that catches Phishing domain SSL using Live stream.
Also Read: DEFCON -2017 Hackers Presentation Complete PDF Lists with Advance Hacking Techniques
How it works
CertStream is an intelligence feed that provides you real-time data feed that fetched from the Certificate Transparency Log network aims at increasing safety with TLS certificates. Most importantly CT was put in the place to defend mis-issuance.
It allows you to use it as a building block to make tools that react to new certificates being issued in real time.
To install Phishing catcher use the following command
git clone https://github.com/x0rz/phishing_catcher.git
Then you need to install the following the following python packages installed: certstream, tqdm, entropy, termcolor, tld, python_Levenshtein.
pip install -r requirements.txt
Then to execute run the following command.
python catch_phishing.py
In the list, we can see how it can exfiltrate the data based on the suspicious score.
Author: x0rz
Advantages
Early detection of misissued certificates, malicious certificates, and rogue CAs.
Faster mitigation of suspect certificates or CAs is detected.
Better oversight of the entire TLS/SSL system.
