How to pass anti phishing software in browsers

[650m]

Hi guys,


dont know if this is the right thread and i didnt found anything relating my question...


how can i pass the build in anti phishing software in browsers like in google chrome?




my phishing page always gets blocked by chrome, IE and firefox allow it

[M1lak0]

Are you sure its done by your browser?? Because its the AV who does or the place where you are hosting..! I neva see or neva came across any of the plugin which does this as you havn't even added any plugin.. Check once again what is blocking and what is happning!

[650m]

thanks for the answer...i guess you mean antivirus when you said av, right?




edit:
i am pretty sure that chrome itself is blocking the site
https://www.google.com/transparencyreport/safebrowsing

[khofo]

Are you sure its done by your browser?? Because its the AV who does or the place where you are hosting..! I neva see or neva came across any of the plugin which does this as you havn't even added any plugin.. Check once again what is blocking and what is happning!

No Chrome does block phishing sites, but only poor made ones (Copy/Paste HTML on free host like 000webhost and a tiny script to retrieve the email + passwd or whatever)however it doesn't detect phishing made with se-toolkit or any advanced phishing website

[650m]

No Chrome does block phishing sites, but only poor made ones (Copy/Paste HTML on free host like 000webhost and a tiny script to retrieve the email + passwd or whatever)however it doesn't detect phishing made with se-toolkit or any advanced phishing website

im relatively new to this topic, no wonder that the sites gets blocked


i also looked into xss, which is still a bit confusiong to me but i got the point


can anyone post a link for some good phishing guides?

[khofo]

im relatively new to this topic, no wonder that the sites gets blocked



i also looked into xss, which is still a bit confusiong to me but i got the point


can anyone post a link for some good phishing guides?

Phishing doesn't need any special guide don't bother creating complicates scripts or modifying HTML code just use SET,
Social Engineering Toolkit it automates phishing and gives it an easy look (I had a video tuto on youtube but it got removed cz I gave Facebook as example), SET is integrated in most security distros under, se-toolkit and can be downloaded easily
Here is the link to the website: https://www.trustedsec.com/downloads/social-engineer-toolkit/

[650m]

sounds good, the thing is that i already got a modified website, so nothing you could easily clone from the original website


is this also compatible?

[khofo]

I think u can import your own website but since I never used used this option I am not sure. Set is extremely easy to use a 10yr old kid can do it: they give u choices and U just have to click on the number corresponding to your choice and this on multiple steps:)

[650m]

ok, i will look into it - what about Hosting?

i tried phpnet.us, but after one day the site is offline

i also secured my site with an extra .php script which reveals the original site online if the correct code was entered in the URL
otherwise it will just show "404"

the original .html files were reneamed to .jpg

so im wondering how the crawler could reveal the phishing site


which free hosters are good for hosting phishing sites? i know there are alot of topics for this question , but domains like 000webhosting and co. are just to suspicious.

[M1lak0]

Hack a site n use it for phishing.. I hacked more than 30 accounts in 2days.. Using some diff SE trick..

[Deque]

Sorry, guys, but I will lock this topic for further discussion what to do with it. The content is drifting to assistance in illegal activity. You get notice about the decision later. Promised.

-temporarily locked-

[Deque]

Reopened.

[650m]

Reopened.

Thank you, this discussion is not for illegal purpose

So I tried encoding the page with Base64 - useless

-->google chrome runs every site in sandbox mode to test it
So I'm just wondering which method would bypass it