Inspiration

Phishing is one of the most dangerous cyberattacks that this world has ever seen. Facebook, Instagram, Wells Fargo, Twitter, Bank of America, and more companies have reported having thousands of their users manipulated using phishing tactics. Our mission is to help prevent this by simulating the hacker's attacks themselves and teaching others how to combat them.

What it does

Our demo uses a Facebook login phishing page, and baits a user into entering their email and password. When a user inputs their information, it is transferred to a Python file that emails their information alongside a link to our website. The log-in button also redirects back to our website. Before use, it obtains the full consent of the user and gives the user a link to a temporary email, if they desire. The password bar is intentionally designed not to verify passwords; however, the SHA-256 hashed password is sent back to the user over HTTP using Facebook's client encryption scheme.

How we did it

We took the Facebook login page source code for the phishing page and configured the login button to transfer the information in username and password to a Python script which would email it to the user and redirect them. We used SVGs to create dynamic text, Flask and Gunicorn for dynamic page serving, and SQLite for site statistics such as the number of successful pledges.
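The setup described above (a copied login page whose form is pointed at a different server) leaves traces a defender can check for. The following is an added example, not the project's code: it flags a page that imitates a brand's login when its host, its password form target, or its transport does not match. The host `zadz-demo.example`, the form paths, and both sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PasswordForms(HTMLParser):
    """Collect the action attribute of every <form> holding a password input."""
    def __init__(self):
        super().__init__()
        self.actions, self._action, self._has_pw = [], None, False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action, self._has_pw = attrs.get("action") or "", False
        elif tag == "input" and self._action is not None:
            self._has_pw |= (attrs.get("type") or "").lower() == "password"

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_login_page(page_url, html, brand_domain):
    """List reasons a page imitating brand_domain's login should not be trusted."""
    findings = []
    page = urlparse(page_url)
    if not under(page.hostname, brand_domain):
        findings.append(f"page host {page.hostname} is not under {brand_domain}")
    forms = PasswordForms()
    forms.feed(html)
    for action in forms.actions:
        target = urlparse(urljoin(page_url, action))  # resolve relative actions
        if not under(target.hostname, brand_domain):
            findings.append(f"password form posts to {target.hostname}")
        if target.scheme != "https":
            findings.append("password form is submitted over plain HTTP")
    return findings

# Constructed sample pages (not taken from the project or from Facebook).
CLONE = '<form action="/submit" method="post"><input name="email"><input type="password" name="pass"></form>'
GENUINE = '<form action="/login" method="post"><input type="password" name="pass"></form>'

if __name__ == "__main__":
    print(audit_login_page("http://zadz-demo.example/login", CLONE, "facebook.com"))
    print(audit_login_page("https://www.facebook.com/login", GENUINE, "facebook.com"))
```

The suffix check in `under` compares against `"." + domain`, so look-alike hosts that merely contain the brand name do not pass.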

Challenges we ran into

Deploying the Heroku server was a challenge, because we migrated halfway through the project and none of us had experience with it before.

Our biggest accomplishments

Our biggest accomplishments were making the phishing page, attaching the login file information to a Python file, creating the Python emailing software, and creating the design of our website. This was the first ever hackathon for all four of us, so we are proud of what we have accomplished.

What we learned

How to use Heroku, and how to create a phishing page and alter its code for our own educational purposes.

What's next for ZADZ Education

We will improve this project by enhancing mobile accessibility, including more phishing pages apart from our demo, simulating more forms of cybercrime, and expanding our project's reach, audience, and team.

Updates

This was everyone on my team's first hackathon, and this provided valuable experience and interest for future projects and hackathons. We're looking forward to taking ZADZ education to new heights, to create something that can become a dominant force against cyber-crime.