Creating Phishing Attack with Evil SSDP Server

Hello, welcome to my new article. Today I am going to show you how to create a malicious SSDP server in less than 3 minutes.
An SSDP server is responsible for device discovery on the local network. In this case we create a fake device and trick users into believing that it is an active device. When they try to access it, the victim is immediately redirected to a web server that tries to obtain their credentials through social engineering, by posing as the login page of a router or IoT device.

To carry out this attack we will use a tool that is already well known on this blog, with several articles about it, and today we are going to use it again.

The tool is called On the Fly, and this is its GitHub repository:

It is very easy to install, and now you can quickly see how to install this tool, which is developed in Python.

Server

Once we have the On the Fly console, we have to load the module for this attack, which can be done very simply with a single command:

You can configure this server; the options of the SSDP server are listed with the show command.

For this attack I only change the name, but you can modify the port, path, model and more…

Now I run…

Okay, if I visit this “Device webpage” I don’t see anything; I think it is bugged on the local machine, but now it’s time for the victim (Windows 10 Educational).

Victim

I open the Windows 10 machine, and on this machine I go to Network in File Explorer:

I’m seeing my fake server!

I click on it…

Once we are at this point, we will see that clicking on the fake server redirects us to a web page that can be customized; in this case, this one:

URL:

WebPage:

On the other hand, on our attacker machine we see all the web requests that our server receives; in this case it has received these:

But that’s not the best part, the best part comes when the victim fills in the username and password fields:

So in this case this fake server would turn out to be a very elaborate phishing attack.
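Seen from the defender's side, the fake device is an SSDP advertisement sent by a host that is not a known device on the network. The following is an added example, not code from this article or from the On the Fly tool: it triages captured SSDP advertisements against an asset inventory. The inventory, the function names and the sample addresses and UUIDs are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed inventory (assumption): source IP -> device UUIDs it may announce.
KNOWN_DEVICES = {"192.168.1.1": {"uuid:11111111-2222-3333-4444-555555555555"}}

def parse_ssdp(raw: bytes) -> dict:
    """Split an SSDP datagram into its start line and upper-cased headers."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    msg = {"_start": lines[0].strip().upper()}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            msg[name.strip().upper()] = value.strip()
    return msg

def triage(raw: bytes, src_ip: str) -> list:
    """Return the reasons an advertisement needs review (empty list = expected)."""
    msg = parse_ssdp(raw)
    # Only NOTIFY announcements and M-SEARCH replies advertise a device.
    if not msg["_start"].startswith(("NOTIFY ", "HTTP/1.1 200")):
        return []
    if msg.get("NTS", "").lower() == "ssdp:byebye":
        return []  # device announcing that it is leaving
    reasons = []
    device_uuid = msg.get("USN", "").split("::", 1)[0].lower()
    if src_ip not in KNOWN_DEVICES:
        reasons.append("advertiser not in inventory")
    elif device_uuid not in KNOWN_DEVICES[src_ip]:
        reasons.append("unexpected USN for this host")
    try:
        host = urlsplit(msg.get("LOCATION", "")).hostname
    except ValueError:
        host = None
    if host is None:
        reasons.append("missing or unparsable LOCATION")
    elif host != src_ip:
        reasons.append("LOCATION host differs from sender")
    return reasons

def advert(uuid: str, location: str) -> bytes:
    """Build a constructed ssdp:alive NOTIFY used as sample input."""
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f"LOCATION: {location}\r\nNT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
            f"USN: {uuid}::upnp:rootdevice\r\n\r\n").encode()

ROUTER = advert("uuid:11111111-2222-3333-4444-555555555555", "http://192.168.1.1:5000/desc.xml")
UNKNOWN = advert("uuid:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "http://192.168.1.50:8008/desc.xml")
if __name__ == "__main__":
    for ip, pkt in (("192.168.1.1", ROUTER), ("192.168.1.50", UNKNOWN)):
        print(ip, triage(pkt, ip) or "expected")
```

In practice the datagrams would come from a capture of UDP port 1900 traffic to 239.255.255.250, with the source IP taken from the packet rather than from anything inside the message.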

That’s all for today’s article. I think it is a good article with an interesting and very original attack, and I hope you liked it.
