Phishing is one of the most effective ways to get access to an organization, however, creating a phishing campaign can be a daunting task, especially if your mail server ends up being blocked. For this reason, using cloud services to host our phishing framework and serve our phishing emails can be an excellent way to solve our problem.
For our phishing campaign, we can use Gophish, a phishing framework that makes it easy to test an organization's exposure to phishing. To start, you can download Gophish from the official site https://getgophish.com; then, extract and run gophish
.
To change the configuration, edit the config.json
file. In this recipe, I have changed listen_url
in the administration dashboard from 127.0.0.1:3333
to 0.0.0.0:3333
, which will allow us to create and launch a new campaign from our browser. Do not forget to change the default password of the administration page:
{ "admin_server" : { "listen_url" : "0.0.0.0:3333", "use_tls...