Edit: with reference to mmusket33's post #74:
Expanding the Phishing Ocean - Getting PwnStar9 to accept requests from HTTPS Sites
Having Pwnstar 9 accept requests from HTTPs sites in NOT a problem with Pwnstar9 coding. The problem is with Apache2.
Here is a method that has been tested to work on a kali-linux 1.09a hard drive install. After completion your phishing pages that previously could not be brought up by a https request like google will now be expressed in the clients computer.You will be able to receive both HTTP and HTTPS...
Hi Musket Teams, nice post.
Can you confirm this is still working on your current Kali hard drive install? I gave it a try & had to comment out the two 'Listen 443' lines from my /etc/apache2/ports.conf file in order to get apache to start (& run) without errors. I don't think it's working for me as any HTTPS traffic goes through normally, as if nothing has happened. For example, if the connected 'victim' went to https://www.mail.google.com/ they would continue on to that very page using HTTPS & not be served the WPA phishing page.
All HTTP traffic does get redirected to the WPA phishing page as we'd hope for, EXCEPT any 'suffixed' address, for example:
http://www.mydomain.com - works A-OK
http://www.mydomain.com/login/ - causes a 'Not Found' Apache error (The requested URL /login/ was not found on this server.).
Is there a way to at least get ALL HTTP traffic ('suffixed' addresses like the 'http://www.mydomain.com/login' example above) to be redirected to the WPA phishing page on our Apache web server?
Thanks again mate, aGx
