Apache mod_rewrite

Apache mod_rewrite provides a number of methods to strengthen your phishing and increase the resilience of your testing infrastructure. mod_rewrite has the ability to perform conditional redirection based on request attributes, such as URI, user agent, query string, operating system, and IP address. Apache mod_rewrite uses .htaccess files to configure rulesets for how Apache should handle each incoming request. Using these rules, you could, for instance, redirect requests to your server with the default wget user agent to a legitimate page on your target's website. Many of the techniques discussed on this blog can be combined to increase their effect.

Posts About mod_rewrite

Attack Infrastructure Log Aggregation and Monitoring

Serving Random Payloads with Apache mod_rewrite

Apache mod_rewrite Grab Bag - Using Apache mod_rewrite to hot-swap payloads, obfuscate payload file extensions, block non-standard HTTP methods, and use an alternate method to redirect requests for invalid URIs.

Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite - How to set up a Command and Control redirector to only allow Cobalt Strike's C2 through. Uses Apache's rewrite module to handle the filtering.

Expire Phishing Links with Apache RewriteMap - Use Apache's RewriteMap to perform advanced HTTP request redirection, such as expiring phishing links and round-robin redirecting users to payloads.

Combatting Incident Responders with Apache mod_rewrite - Tricks to slow down and impede incident responders investigating your phishing sites.

Operating System Based Redirection with Apache mod_rewrite - Redirect your phishing victims to different payloads or sites based on their operating system.

Invalid URI Redirection with Apache mod_rewrite - How to redirect users visiting non-existent file paths in your phishing infrastructure to a different site.

Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection - An introduction to strengthening your phishing campaigns with Apache's mod_rewrite module. How to redirect mobile users to a mobile-friendly malicious website, such as a cred capture, while sending full workstations to a payload designed for workstations.

Additional Resources