Muraena: An Advanced Phishing Proxy

This guide provides a step-by-step process for installing and configuring Muraena, a tool that relies on Redis for data persistence and requires DNSMasq and SSL certificates for proper functionality.

1. Installing and Configuring Redis

Muraena depends on Redis for data persistence. Follow these steps to set up Redis:

1. Install Redis:

On Ubuntu, use the following commands:

sudo apt update
sudo apt install redis-server

Ensure Redis is running as a service:

sudo systemctl enable redis
sudo systemctl start redis

2. Configure Redis:

Open the configuration file:

sudo nano /etc/redis/redis.conf

Ensure the bind directive lists only loopback addresses such as 127.0.0.1 (the default setting), and leave requirepass commented out so that password authentication stays disabled.

3. Verify Installation:

Test connectivity using the Redis CLI:

redis-cli ping

Expected output: 'PONG'.

Redis will now be accessible at tcp://127.0.0.1:6379 without SSL or authentication, as required by Muraena.
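
Because this setup leaves Redis without authentication, it is worth confirming that the instance really is loopback-only before anything is stored in it. The following is an added example, not part of the original guide or of Muraena; the function name audit_redis_conf and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# audit_redis_conf FILE
# Returns 0 when every uncommented bind address in FILE is loopback,
# 1 otherwise. Prints one finding per line.
audit_redis_conf() {
    awk '
        $1 == "bind" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                a = $i
                # Redis 6.2+ allows a leading "-" (ignore if unavailable).
                sub(/^-/, "", a)
                if (a ~ /^127\./ || a == "::1")
                    print "ok: bind " a " is loopback"
                else {
                    print "FAIL: bind " a " is not loopback"
                    bad = 1
                }
            }
        }
        $1 == "requirepass" { auth = 1 }
        $1 == "protected-mode" && $2 == "no" { print "warn: protected-mode is off" }
        END {
            if (!seen) {
                print "FAIL: no bind directive, Redis listens on all interfaces"
                bad = 1
            }
            if (!auth)
                print "note: requirepass unset, any local user can connect without credentials"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf 'bind 127.0.0.1 -::1\n# requirepass foobared\n' > "$tmp/local.conf"
printf 'bind 0.0.0.0\nprotected-mode no\n' > "$tmp/exposed.conf"
for f in "$tmp/local.conf" "$tmp/exposed.conf"; do
    echo "== $f"
    audit_redis_conf "$f" || echo "=> not safe to run without authentication"
done
rm -rf "$tmp"
```

On a real host, run it as audit_redis_conf /etc/redis/redis.conf after editing the file and before restarting the service.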

2. Configuring DNSMasq for Local Testing

DNSMasq is used to handle a custom top-level domain (TLD) for testing purposes, such as .muraena.

1. Install DNSMasq:

On Ubuntu, run:

sudo apt install dnsmasq

2. Edit Configuration:

Open the DNSMasq configuration file:

sudo nano /etc/dnsmasq.conf

Add the following line to route .muraena domains to localhost:

address=/.muraena/127.0.0.1

3. Restart DNSMasq:

sudo systemctl restart dnsmasq

4. Verify Setup:

Test domain resolution using ping or dig:

ping anything.goes.to.muraena

This confirms that any subdomain under .muraena resolves to '127.0.0.1'.

3. Generating SSL Certificates

Muraena requires SSL certificates for secure communication during testing or deployment.

Option A: Using mkcert for Local Certificates

For local testing, mkcert is an excellent tool for generating self-signed certificates.

1. Install mkcert:

On Ubuntu, run:

sudo apt-get install wget libnss3-tools -y
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
sudo mv mkcert-v1.4.3-linux-amd64 /usr/bin/mkcert
sudo chmod +x /usr/bin/mkcert
mkcert -install

2. Generate Certificates:

mkcert "*.muraena" muraena localhost 127.0.0.1 ::1

This creates .pem files for the certificate and private key.

3. Include Certificates in Muraena Configuration:

Update the configuration file with paths to the generated files:

[tls]
    enabled = true
    expand = false
    certificate = "./config/cert.pem"
    key = "./config/privkey.pem"
    root = "./config/fullchain.pem"

Option B: Using Let's Encrypt for Public Certificates

For real-world use, obtain a wildcard certificate from Let's Encrypt.

1. Install Certbot:

sudo apt update
sudo apt install certbot python3-certbot-dns-cloudflare  # Replace with your DNS plugin.

2. Generate Wildcard Certificate:

Use the DNS challenge method to verify domain ownership:

sudo certbot certonly --manual --preferred-challenges=dns \
    --email you@example.com --agree-tos \
    -d "*.yourdomain.com" -d yourdomain.com

3. Update Muraena Configuration:

Point to the obtained certificate and key files in the configuration file as shown above.

4. Final Steps

Start Muraena

Once Redis, DNSMasq, and the certificates are configured, start Muraena; it will automatically handle its processes.

Testing Setup

  • Verify that domains under .muraena resolve correctly.

  • Ensure HTTPS works by accessing your phishing domain in a browser.

By following this guide, you can successfully set up Muraena with all necessary dependencies for both local testing and production environments. You can learn more and download Muraena on GitHub.
