ReelPhish – Real-Time Two-Factor Phishing Tool

Multi-factor authentication is not anymore an innovation. Today we still have this protection measure as an option on most online services to protect valuable information. we can find in the market a hardware token that is a little bit expensive such as RSA token or virtual MFA such as Google Authenticator that you can install on your phone device and will generate passcoede allows you access your account. Normally passcode will be valid for 30 seconds up to 1 minute and this is subject to phishing attack. If you are looking to attack 2FA you can check ReelPhish.

ReelPhish consists of two components: the phishing site handling code and this script. The phishing site can be designed as desired. Sample PHP code is provided in /examplesitecode. The sample code will take a username and password from a HTTP POST request and transmit it to the phishing script.

The phishing script listens on a local port and awaits a packet of credentials. Once credentials are received, the phishing script will open a new web browser instance and navigate to the desired URL (the actual site where you will be entering a user’s credentials). Credentials will be submitted by the web browser. The recommended way of handling communication between the phishing site and this script is by using a reverse SSH tunnel. This is why the example PHP phishing site code submits credentials to localhost:2135.

ReelPhish - Real-Time Two-Factor Phishing Tool

ReelPhish – Real-Time Two-Factor Phishing Tool

ReelPhish supports multiple authentication pages.

For example, in some cases a two factor authentication code may be requested on a second page. To implement this feature, be sure that –numpages is set to the number of authentication pages. Also be sure that the session ID is properly tracked on your phishing site. The session ID is used to track users as they proceed through each step of authentication.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments