Phishing Reporter - Outlook Plugin

by Abdulla

Report Phishing

Report Phishing is the act of giving normal users the trust to identify and easily report phishing emails to the information security team. Typically, once a user thinks an email is suspicious, the user clicks a button to magically report that email.

and?

Many companies are selling "Report Phishing" plugins for 💰. Your brother, Abdulla, likes to find or make alternatives; therefore, I had to learn and develop a new custom Outlook plugin to fulfill my needs.

and .. How much?

FREE. 🤩

I leeched on many open source projects in the past to learn and enhance my personal projects; but now I can say I am happily contributing to this amazing community.

Features:

Many. Give me a few seconds to review the code ... Ok, main features are:

  • Auto-deletes suspicious emails once reported.
  • Appends [POTENTIAL PHISH] to the subject for automatic Outlook rules.
  • Extracts and lists the most important information in the report email, such as email headers, URLs/IPs, domains, attachment hashes, and sender details.
  • Removes hyperlinks from suspicious links. (https:// becomes https[:]// and so on).
  • Attaches original email to the report for further investigation.
  • Full integration with the Open Source Phishing Framework, GoPhish. Now you can see who reported a simulated phishing email sent by your information security team.
  • Two buttons for easy reporting. One in the "Home" menu. The second when you right-click an email.
  • Reports any bugs to a separate support email without annoying the users.
  • Installer-ready: fast compile to EXE file, as all hassles were tackled already. Just follow the guide.
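To make the report fields listed above concrete, here is an added Python sketch (not the plugin's own C# code) that builds the same kind of summary from a raw message: tagged subject, sender, defanged URLs, hosts, and attachment hashes. The sample message, the function names, and the placement of the subject tag are assumptions made for the example.

```python
import hashlib
import re
from email import message_from_string, policy

# Constructed sample message for illustration (not a real email).
SAMPLE_EML = """\
From: "IT Helpdesk" <helpdesk@mail.example.net>
To: user@corp.example
Subject: Password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Reset at https://login.example.net/reset?id=7 or http://192.0.2.15/portal now.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def defang(text):
    """Break clickable schemes: https:// -> https[:]//, http:// -> http[:]//."""
    return re.sub(r"(?i)\b(https?|ftp)://", lambda m: m.group(1) + "[:]//", text)

def build_report(raw_eml):
    """Collect the fields an analyst needs, with every link defanged."""
    msg = message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    urls = sorted(set(URL_RE.findall(text)))
    hosts = sorted({u.split("://", 1)[1].split("/", 1)[0] for u in urls})
    return {
        # Tag placement (end of subject) is an assumption; the page only says "append".
        "subject": msg["Subject"] + " [POTENTIAL PHISH]",
        "sender": msg["From"].addresses[0].addr_spec,
        "urls": [defang(u) for u in urls],
        "hosts": hosts,
        # Hash attachment bytes so they can be looked up without opening the file.
        "attachments": [(p.get_filename(), hashlib.sha256(p.get_payload(decode=True)).hexdigest())
                        for p in msg.iter_attachments()],
    }
```

Only the plain-text body is scanned here; HTML parts would need their href values extracted and defanged in the same way.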

Screenshots:

Installation Wizard

After installing, you will notice these two buttons:

At top "Home" menu

When you right-click an email

When you report an email, a pop-up will appear for confirmation

A sample of the report email received by information security team

Before you start:

⚠️Verify that you have “Microsoft Visual Studio Installer Projects” component installed in Visual Studio. You can install it by going to “Tools” -> “Get Tools and Features
⚠️Make sure you build the project’s installer with the right TargetPlatform for your Office. If you have Office 32-bit installed, then compile the project as 32-bit. If you have Office 64-bit, then compile the project as 64-bit. You can do so by choosing Installer -> (from "Properties" menu) TargetPlatform -> x86 or x64

How-to Guide:

  1. Download the project and extract it.
  2. Double click "PhishingReporter.sln" to open the project using Visual Studio.
  3. From the top menu, if it is on "Debug" mode, change configuration to "Release".
  4. In the right menu, open "Settings.settings" and go to the "Settings" tab.
  5. From there, change:
    • infosec_email: to your information security team.
    • gophish_url: GoPhish instance IP/URL, if you didn't host any, you can leave the default value. The plugin will still work.
    • gophish_listener_port: The port number of GoPhish listener.
    • support_email: Support email to auto-report any bugs. Should be for a teammate who maintains the plugin code.
  6. Save the file.
  7. Build the project. From the top menu "Build" → "Build PhishingReporter".
  8. In the right menu, click "Installer" and change what you prefer in the "Properties" menu. I recommend changing:
    • Manufacturer, ManufacturerUrl, SupportPhone, SupportUrl
    • Generate a new UpgradeCode by clicking the "..." button then "New Code".
  9. [Optional] If you want to change the installation wizard splash screen:
    • Open "splash.psd" file using Photoshop, and design the splash screen you like.
    • Export the design by overwriting "splash.jpg" file in the main project directory.
  10. At the end, right-click "Installer" and choose "Build".
  11. The installer file should be located in "PhishingReporter\Installer\Release" folder.

Installation:

  • Manual:
    • Run "Installer.msi" file as administrator, and follow the steps.
  • Automatic:
    • Using your preferred systems management software (such as SCCM): push Installer.msi file with the following command:
    • Installation: msiexec /i Installer.msi /qn /norestart
    • Uninstallation: msiexec /uninstall Installer.msi /qn /norestart

Integration with GoPhish:

This was tested with GoPhish v0.12.1 Windows version (download link)

  1. Download GoPhish and modify phishing server listen_url in config.json file.
  2. Run GoPhish server.
  3. In the project source code, open "Settings.settings" and go to the "Settings" tab.
  4. Modify gophish_url and gophish_listener_port to match the values in Step #1.
  5. Take note of gophish_custom_header.
  6. Build the project and compile the installer.
  7. In GoPhish portal, while setting up the Sending Profile, add the custom header from Step #5 with the value {{.RId}} and click Save Profile.
  8. Create a campaign and test the plugin's report feature.
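The steps above place the recipient id ({{.RId}}) in a custom header, which lets a reported message be matched back to a campaign: GoPhish records a report when its phishing listener receives a request to /report carrying that id. The added Python sketch below (not the plugin's code) reads the header, validates it, and builds that URL; the header name, host, port, scheme, and id pattern are assumptions standing in for your own settings.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlencode, urlunsplit

# Assumed stand-ins for the plugin's Settings.settings values (all hypothetical).
GOPHISH_CUSTOM_HEADER = "X-Example-Campaign-Id"
GOPHISH_URL = "gophish.corp.example"
GOPHISH_LISTENER_PORT = 8080

# Assumption: a recipient id is a short alphanumeric token; anything else is rejected.
RID_RE = re.compile(r"[A-Za-z0-9]{1,32}")

# Constructed messages: one sent through the GoPhish sending profile, one not,
# and one where the header carries an unexpected value.
SIMULATED = "From: a@sim.example\nX-Example-Campaign-Id: aB3dE9x\nSubject: t\n\nhi\n"
ORDINARY = "From: b@mail.example\nSubject: t\n\nhi\n"
TAMPERED = "From: c@mail.example\nX-Example-Campaign-Id: x&rid=other\nSubject: t\n\nhi\n"

def extract_rid(raw_eml):
    """Return the recipient id from the custom header, or None."""
    msg = message_from_string(raw_eml, policy=policy.default)
    value = msg.get(GOPHISH_CUSTOM_HEADER)
    if value is None:
        return None
    rid = str(value).strip()
    # The header arrives in untrusted mail, so validate before using it in a request.
    return rid if RID_RE.fullmatch(rid) else None

def report_url(raw_eml):
    """Build the GoPhish report URL for a simulated email, or None for other mail."""
    rid = extract_rid(raw_eml)
    if rid is None:
        return None
    netloc = f"{GOPHISH_URL}:{GOPHISH_LISTENER_PORT}"
    # Scheme is an assumption; it depends on how listen_url is served.
    return urlunsplit(("http", netloc, "/report", urlencode({"rid": rid}), ""))
```

Mail without the header, or with a value that fails validation, yields None and should go through the normal report path only.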

Final thoughts:

This project took me many nights to research, design, program, and test. If you like it, please give this project a ⭐ on GitHub. Also, follow my GitHub account. I release many amazing tools.

If you plan to use the plugin, please fill in the 3-question survey.

Credits:

Main developer: Abdulla Albreiki

I reused some code from NotifySecurity project by Nicolas Chaussard