Safelogin.co

by {"login"=>"averagesecurityguy", "email"=>"stephen@averagesecurityguy.info", "display_name"=>"averagesecurityguy", "first_name"=>"", "last_name"=>""}

One of the things I love about the Infosec community is building on other people's work and having them build on mine. My friend @tatanus from Seeds of Epiphany saw my Phishing with Webscript.io post and decided to take it to a whole new level.

If you need to setup a phishing campaign quickly, then checkout safelogin.co. You need to agree to the terms of service, provide a website to phish, and a name for your phishing site; safelogin.co will do the rest.

After you enter your data safelogin.co will provide you with two links. The first is for the phishing site and the second is where you can pickup your harvested credentials.

The phishing site has a simple CSS popup box that asks for credentials and has a picture or iframe of the actual site in the background. Once the credentials are entered the victim is redirected to the actual site.

And here is the data collected during the phishing campaign.