Gophish MODs

Modify Gophish to Bypass Detection

Was recently working on a Phishing Engagement. I always modified Gophish manually to evade detection. This time I thought of the principle, "Don't Do Anything Twice: When it Makes Sense to Automate" . Before I started manually typing scripts I searched github.com for gold (basically if someone else tried to do it). I found this amazing docker-compose file which does all of the things which I wanted to do.

So I'm stealing work? Probably yeah !! I dont want docker so I'll probably just extract useful content from the docker-container file and run it on my gophish server 🤷‍♂️

Acknowledgements

PreviousSharpLoginPrompt - Success and a Curious Case NextLong Live DMARC - Email Spoof issues

Last updated 3 years ago

#clone gophish
git clone https://github.com/gophish/gophish

#Get a Custom 404 Page
wget "https://raw.githubusercontent.com/puzzlepeaches/sneaky_gophish/main/files/404.html" -O "404.html"

#Get a Custom  Phish.go
wget "https://raw.githubusercontent.com/puzzlepeaches/sneaky_gophish/main/files/phish.go" -O "phish.go"

#copy Custom Phish.go
rm gophish/controllers/phish.go
mv phish.go gophish/controllers/phish.go

#Copy new 404.html
mv 404.html gophish/templates/404.html

cd gophish

sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request_test.go
sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog.go
sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog_test.go
sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request.go

# Stripping X-Gophish-Signature
sed -i 's/X-Gophish-Signature/X-Signature/g' webhook/webhook.go

# Changing servername
sed -i 's/const ServerName = "gophish"/const ServerName = "IGNORE"/' config/config.go

# Changing rid value
read -p 'Custom RID Parameter: ' uservar
sed -i 's/const RecipientParameter = "rid"/const RecipientParameter = "'$uservar'"/g' models/campaign.go



go build