Installing Phishing Frenzy on Kali Linux
Clone Repo
Clone the Phishing Frenzy repository using git
# git clone https://github.com/pentestgeek/phishing-frenzy.git /var/www/phishing-frenzy
Install RVM, Ruby and Packages
$ \curl -sSL https://get.rvm.io | bash
At the end of the installation listen to any post install instructions for RVM
Install Ruby 2.1 with RVM
$ rvm install 2.1.5
Install rails
# rvm all do gem install --no-rdoc --no-ri rails
Install mod_passenger for Apache
# rvm all do gem install --no-rdoc --no-ri passenger
Install Passenger
Invoke the passenger installation script
# passenger-install-apache2-module
Installer stated that I was missing a few apache dependencies
# apt-get install apache2-threaded-dev libapr1-dev libaprutil1-dev libcurl4-openssl-dev
Invoke passenger installation script again now that dependencies are installed. Once the Passenger install has completed, ensure you pay attention to the notes and the end. You will need to add 3 lines of text to your /etc/apache2/apache.conf
file.
# passenger-install-apache2-module
Install packages we need for MySQL to bundle properly
# apt-get install libmysqlclient-dev
Apache VHOST Configuration
Add Include Statement to apache2.conf and create the file /etc/apache2/pf.conf
Include pf.conf
Add content to pf.conf file
<IfModule mod_passenger.c> PassengerRoot %ROOT PassengerRuby %RUBY </IfModule> <VirtualHost *:80> ServerName phishing-frenzy.com # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /var/www/phishing-frenzy/public RailsEnv development <Directory /var/www/phishing-frenzy/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost>
Uncomment out the line # NameVirtualHost *:443
inside of /etc/apache2/ports.conf
to allow SSL Phishing sites to render properly
MySQL
Ensure mysql is running
# service mysql start
Login and create tables and permissions for phishing frenzy development mode
# mysql -u root -p mysql> create database pf_dev; mysql> grant all privileges on pf_dev.* to 'pf_dev'@'localhost' identified by 'password';
Install Required Gems
# cd /var/www/phishing-frenzy/
# bundle install
If your web application fails to run because it states your missing a gem, you may need to run
# bundle install --deployment
# rake db:migrate
# rake db:seed
Install Redis
# wget http://download.redis.io/releases/redis-stable.tar.gz
# tar xzf redis-stable.tar.gz
# cd redis-x.x.x/
# make
# make install
# cd utils/
# ./install_server.sh
If you would like to bind redis to the loopback interface checkout redis documentation for more details
Sidekiq Configuration
Create a tmp directory for sidekiq pid
# mkdir -p /var/www/phishing-frenzy/tmp/pids
Start the sidekiq server to interact with redis
# bundle exec sidekiq -C config/sidekiq.yml
If you would like to Daemonize your sidekiq process take a look at this great article here which gives an example init script so you can start the sidekiq service on reboot and interact with it like any other typical nix service
Example of how you may interact with service when configured with init script.
# service sidekiq start # service sidekiq status # service sidekiq stop
System Configuration
Edit the sudoers file to ensure the www-data account can reload apache
www-data ALL=(ALL) NOPASSWD: /etc/init.d/apache2 reload
Load the Efax and Intel default templates for PF using the rake helper
# rake templates:load
Change ownership of phishing-frenzy directory so apache has proper access
# chown -R www-data:www-data /var/www/phishing-frenzy/
Change permissions on the upload directory
# chmod -R 755 /var/www/phishing-frenzy/public/uploads/
Change ownership of sites-enabled directory to allow Phishing Frenzy to manage virtual hosts with Apache
# chown -R www-data:www-data /etc/apache2/sites-enabled/ # chmod -R 755 /etc/apache2/sites-enabled/
Start Apache web server
# apachectl start
One of the first things you'll want to do within the application is navigate to Admin
-> Global Settings
to configure the Application Site URL. This is a critical piece that needs to be accurate to properly track user clicks.
Default Credentials
Phishing Frenzy is configured with a default login of:
username: admin password: Funt1me!
Configure HTTPS / SSL
If you would like to run your Phishing Frenzy web UI over HTTPS you can do that with a few additional changes.
Run a few commands to enable the SSL module in apache and create a directory to store the cert and key.
$ sudo a2enmod ssl
$ sudo service apache2 restart
$ sudo mkdir /etc/apache2/ssl
Create our self signed cert using openssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/pf.key -out /etc/apache2/ssl/pf.crt
<IfModule mod_passenger.c> PassengerRoot %ROOT PassengerRuby %RUBY </IfModule> <VirtualHost *:443> ServerName phishing-frenzy.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/pf.crt SSLCertificateKeyFile /etc/apache2/ssl/pf.key # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /var/www/phishing-frenzy/public RailsEnv development <Directory /var/www/phishing-frenzy/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost>
Update the Application Site URL
within Global Settings
menu to the appropriate FQDN with the HTTPS address with SSL enabled.
Browse to your FQDN and Enjoy Phishing Frenzy. Checkout the guide on how convert your application to rails' production mode