root on 18 May 2019 1 KB Minor Changes

SMShing implementation using GoPhish and Twilio SMS gateway

Replace email addresses with [mobile no]@gophish.sms

Thats pretty much it!


Mobile numbers must start with country code prefix e.g. +44 = UK 

SMS should contain less than 1600 characters otherwise will be split into multiple SMS's

Email template should be plaintext only, not HTML (this should be obvious)

Non-MMS, so dont use tracking image {{.Tracker}}

Email Opened - Actually means delivered (Response from Twilio API)

Clone this repo into /opt/GoSMS/

<u>**Setup Postfix**</u>

1) Tell postfix to use virtual alias db and virtual domains in **/etc/postfix/**:

	virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp

2) Add domain to **/etc/postfix/virtual_domains**

	echo "gophish.sms" >> /etc/postfix/virtual_domains

3) Redirect the email to a local user by adding to **/etc/postfix/virtual_regexp**:

	/^([^@]*)@gophish.sms$/ apache@localhost

4) Update **/etc/aliases** to redirect email addressed to the local user to a script:

	apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"

5) Rebuild aliases & restart postfix

	sudo newaliases; sudo postfix reload; sudo service postfix restart

<u>**Setup GoSMS**</u>

1) Set correct variables in config.php (should be self explanitory)

2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:

2a) Store in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888

2b) Run a simple PHP server from the /opt/GoSMS/ directory:

    php -S