azure function proxy (for phishing)
here are config files for using *[.]azurewebsites[.]net domain for phishing.
infrastructure setup:
azure function →
nginx redirector →
target framework (e.g. gophish)
the nginx redirector with the target framework stays hidden behind the azure function.
config files in this repo
- /azurefunction: folder for azure function deployment
- /azurefunction/OwaCheckIn: endpoint files for phishin
- /azurefunction/OwaCheckIn_track: endpoint files for tracking email opening (for gophish)
- /nginx: nginx configuration
- /nginx/sites-available/phish.conf: nginx redirector accepting azurefunction and forwarding to local (gophish) framework
azure function usage
with Azure Functions Core Tools.
local testing:
func start
deployment to prod with app name evil (after logging in with az login):
func azure functionapp publish evil
recommended sending profile
Microsoft 365 Business Basic for $5.00 user / month. ? Free or trial may cause issues, it won’t work as expected.
disclaimer
using is allowed only for educational and/or research purposes!
unauthorized phishing is prohibited.
