Payload Delivery

Browser delivery

JSdelivery
python3 jsdelivery.py </path/to/file_to_deliver> > out.html

Web Cloning

Wget
wget [-l <recursion_max_depth_level>] -mkEpnp <url>

Web server

Nginx - Quick and dirty
server {
        listen       80;
        listen       [::]:80;
        listen       443 ssl;
        server_name  _;
        root         /usr/share/nginx/html;

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location ~ ^/index.html {
                return 301 https://<domain>/;
        }

        location ~ ^/$ {
                return 301 https://<domain>/;
        }

        location ~ ^/<update>/(.*) {
                return 301 https://$host/<en-us/windows/update.html>;
        }
}

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
service nginx restart

Set CloudFlare in full SSL mode

Satellite

Tested in lab only!

Installation

Download the release: https://github.com/t94j0/satellite/releases

dpkg -i <satellite_X.X.X_linux_amd64.deb>
systemctl start satellite

The configuration file is located at /etc/satellite/config.yml:

server_root: /var/www/satellite
listen: :443
index: /index.html
log_level: debug

not_found:
  redirect: <https://google.com>

server_header: <Apache/2.4.1 (Unix)>

geoip_path: /var/lib/satellite/GeoLite2-Country.mmdb

ssl:
  key: /etc/satellite/keys/key.pem
  cert: /etc/satellite/keys/cert.pem

Configuration - Full options: https://github.com/t94j0/satellite/wiki/Route-Configuration

File example: /var/www/satellite/phish.html.info

authorized_useragents:
  - "^Mozilla*"

exec:
  script: </my/path/exec.py>
  output: ok

on_failure:
  redirect: <https://google.fr>

File example: exec.py

#!/usr/bin/env python3
import sys
import os

# The request is read from stdin
req = sys.stdin.read()

if '<unique_pattern_in_req>' in req:
        print('ok')
        # <do_some_stuff>

The Python script's output must match the output value in the YAML file. Otherwise, the request is treated as a failure!

Log parsing

grep -a "level=info msg=request" /var/log/daemon.log
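
The grep above only filters lines. As an added example (not part of the original notes or of the Satellite project), the script below applies the same level=info msg=request filter and then splits each line into key=value fields so requests can be tallied per field. The field names method, path, remote_addr and user_agent and the sample lines are constructed assumptions, not Satellite's documented log format.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs, found anywhere after the syslog prefix
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    fields = {}
    for key, raw in PAIR.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            # Drop the surrounding quotes and undo backslash escapes
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
        fields[key] = raw
    return fields

def request_events(lines):
    """Same filter as the grep: level=info and msg=request."""
    for line in lines:
        fields = parse_line(line)
        if fields.get("level") == "info" and fields.get("msg") == "request":
            yield fields

def summarize(lines, key):
    """Count request events per value of `key` ("-" when the field is absent)."""
    return Counter(event.get(key, "-") for event in request_events(lines))

# Constructed sample lines; field names are assumptions, IPs are documentation ranges
SAMPLE = [
    'Jan 10 10:00:01 host satellite[812]: level=info msg=request method=GET '
    'path=/phish.html remote_addr=198.51.100.7 user_agent="Mozilla/5.0 (Windows NT 10.0)"',
    'Jan 10 10:00:02 host satellite[812]: level=debug msg="route loaded" path=/phish.html',
    'Jan 10 10:00:05 host satellite[812]: level=info msg=request method=GET '
    'path=/phish.html remote_addr=203.0.113.9 user_agent="curl/8.4.0"',
    'Jan 10 10:00:09 host satellite[812]: level=info msg=request method=GET '
    'path=/index.html remote_addr=198.51.100.7 user_agent="Mozilla/5.0 (X11; Linux)"',
]

if __name__ == "__main__":
    # Against the real file: open("/var/log/daemon.log", errors="replace")
    for field in ("remote_addr", "path", "user_agent"):
        print(field, dict(summarize(SAMPLE, field)))
```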