In our previous post, we introduced 5ELG (https://github.com/jomoza/5ELG)

This open-source project, with its modular “merca” (client-side) and “dealer” (server-side) components, offers a robust approach to tracking, data collection, and live monitoring, all within a customizable and scalable framework.

Today, we’ll take a closer look at the full potential of 5ELG, exploring its capabilities beyond basic tracking setups. From integration in security testing scenarios to its versatile callback server, 5ELG goes far beyond traditional fingerprinting tools. We’ll dive deeper into how you can deploy dealers across multiple environments, utilize its real-time monitoring dashboard, and configure advanced client-server data interactions.

The 5ELG dealer has outstanding versatility to integrate with a variety of advanced data collection techniques. The modular and adaptable structure of the dealer allows the tool to work in various contexts and facilitates the capture of information in scenarios where other methods might fail.

XSS, PHISHING, HTML TEMPLATES AND MORE…

XSS attacks allow the injection of code into legitimate sites that is then executed in the user’s browser. This context is ideal for integrating the 5ELG dealer, as with a simple embedded JavaScript ‘merca’ script, user data can be collected without relying on traditional tracking methods.

Callback Server for Any Data

The 5ELG callback server is designed to receive varied and flexible data. This means that, by injecting ‘merca’ through XSS, any data sent is automatically stored and processed, providing an open channel to receive user-specific information.

Hidden Vector Integration: The dealer can operate unobtrusively, without users detecting suspicious activity on the compromised site. Data collected in an XSS attack can include cookies, tokens, session information and browser-specific details, all centralised on the 5ELG callback server.

In phishing campaigns, the 5ELG dealer can be integrated into emails, landing pages or even attachments. The idea is to embed the ‘merca’ component (the data collection JavaScript script) in the content, so that, upon opening or interacting with the phishing message, it sends the victim’s information to the dealer’s callback server.

Manual dealers (PHP,ASP,JSP) allow you to configure the delivery of data to the 5ELG platform through simple endpoints.

Therefore, they can be distributed as scripts hosted on compromised servers or distribution networks, so that ‘merca’ sends the information to the dealer in real time.
Critical Information Gathering: Details of the browser, operating system, plugins, network features, screenshots and even the entire DOM of the page can be captured, providing a detailed view of the victim’s environment without the victim being suspicious.

If you’re curious about real-world use, you can check out a personal example of a dealer setup at loveisinthe.net/dealer/. This example demonstrates how to configure and operate a dealer to capture and process incoming data from tracked browser sessions.

Distribute to vulnerable or compromised sites to maximise collection reach. By placing a PHP dealer on a site, the dealer acts as a collection node, sending data to the main 5ELG instance.
Leverage Dealer Adaptability: You can configure the dealer to act in different ways (store to CSV or send in real time), giving you flexibility for scenarios where temporary storage or live reporting is needed.

All traffic and incoming dealer requests are visible on the dashboard in real-time, allowing for immediate analysis.You can manage multiple dealers in parallel, each configured for different campaigns or attack vectors, and the callback server will receive data from all of them, unifying them for a more effective review.

The 5ELG dealer, with its PHP configurations, is ideal for phishing campaigns, XSS attacks and distribution in compromised environments, where it can operate covertly and collect detailed data. With the callback server centralising all information, 5ELG offers a powerful and adaptable tool for data collection and analysis in offensive security scenarios.