Improving dynamic phishing
When is the last time you received a phishing email? Did you ever fall for a scam campaign? Have your credentials already been leaked?
We continuously strive to improve software security based on a better understanding of the software risks and threats by implementing prototypes in dynamic languages. In this project, we want to shed light on different phishing schemes, their flexibility, and likelihood of being unnoticed by victims. Traditional internet surf sessions are non-deterministic: Highly dependent on the surfers' environment and mood, their web site visits become completely different and (almost) unpredictable. Therefore, such behavior requires phishing pages that can be built on demand.
State of the art
We built a prototype that can successfully phish most web sites on demand without any manual intervention. However, it still suffers from imperfections.
A few problems you'll be confronted with:
- Performance and reliability
- Synchronization of state
Your task is to further improve the existing phishing tool and to evaluate its performance within a safe environment.