Hacker News new | ask | show | jobs
by chrissnell 2794 days ago
I wrote a tool in Perl, ages ago, that would generate random (but real-looking) information for phishing site forms and submit it as fast as the server would take them. You would tag fields with a type like "firstname" or "creditcardnumber", "ssn", etc., and it would do the rest. The credit cards even passed the CRC check.

The idea was that you would flood their valid data with bullshit data making it worth less to them. It was quite effective. Most skript kiddiez didn't know enough to stop me.
2 comments
jwcrux 2794 days ago
Nice! While Gophish is a personal project, as part of $dayjob I do security research.

Recently, I did some analysis on phishing kits at a pretty large scale that sounds like it’d be of interest to you [0]

[0] https://duo.com/assets/ebooks/phish-in-a-barrel.pdf

link
chrissnell 2794 days ago
I haven't looked at a phishing form in ages but I would bet that JavaScript has made the anti-phishing crusader's job more difficult.
link
DelTaco 2794 days ago
Ha, amazing! Did you end up unleashing it more than once?
link