SSL Guide

Phishing Frenzy supports the ability to run your phishing websites over SSL. This means that your phishing campaigns can run over HTTPS. This has alot of advantages over HTTP which is obvious, but one of the largest is the ability to bypass many web proxy servers and firewalls that do not perform SSL stripping.

To take advantage of the SSL Support all that is required are the appropriate SSL certificate files. Phishing Frenzy only supports valid signed certificates from a CA which contains all 3 required files:

Your SSL registrar will require a Certificate Signing Request (CSR). This CSR is then used by the registrar to generate your chain and chain file.

$ openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

OpenSSL will prompt you with a number of questions for the CSR. The FQDN is the most important question to answer accurately. Once this runs successfully you will now have a CSR and key. Hold onto the key as this is required for Phishing Frenzy.

The CSR is a simple text file that you can open in any editor. Copy and paste the contents and provide it to the registrar when prompted so they can generate the certificate and chain. Once the registrar has provided you with the certificate and chain you now have all 3 required files to upload to the campaign.

Ssl options

Once you have uploaded your SSL files through the web interface your campaign is now ready to be run on HTTPS. The next step is to simply click the checkbox to make the campaign active. Once deployed your website is now secured of HTTPS.

Site ssl

No SSL Files

If you have attempted to enable SSL in the campaign but have not uploaded any certificates you will be notified to do so with the following error when atempting to activate the campaign.

Ssl errors

Invalid SSL Files

If you upload an invalid certificate file, key or chain you will be notified. The campaign will not be able to go active and you will be presented with an error message stating which file is not valid.

Ssl errors2