Safelogin.co

Posted on November 14, 2012 | 1 Comment

One of the things I love about the Infosec community is building on other people’s work and having them build on mine. My friend @tatanus from Seeds of Epiphany saw my Phishing with Webscript.io post and decided to take it to a whole new level.

If you need to setup a phishing campaign quickly, then checkout safelogin.co. You need to agree to the terms of service, provide a website to phish, and a name for your phishing site; safelogin.co will do the rest.

After you enter your data safelogin.co will provide you with two links. The first is for the phishing site and the second is where you can pickup your harvested credentials.

The phishing site has a simple CSS popup box that asks for credentials and has a picture or iframe of the actual site in the background. Once the credentials are entered the victim is redirected to the actual site.

And here is the data collected during the phishing campaign.

About these ads
This entry was posted in Just For Fun, Pentest, Social Engineering and tagged , , . Bookmark the permalink.

One Response to Safelogin.co

  1. Adam Compton (tatanus) | November 14, 2012 at 10:47 am | Reply

    awesome write-up. It is better than mine!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s