🛡️ Domain Masking – How It Works & How to Use It

📘 What Is Domain Masking?

Domain Masking is a technique used to serve content from one website (called the target URL) through another domain that you control (called the mask URL). Visitors will only see the mask domain in the browser while the real content is being loaded from the target domain in the background.

This technique is used for white-labeling, phishing simulations, security research, branding, and cloaking.

🧩 Key Terms
✅ Mask URL

The mask URL is the domain you want visitors to see in their browser.

It’s typically your own domain or VPS/subdomain, like:

https://example-mask.com/

This is where you will upload the proxy files (proxy.php, .htaccess, index.html), and it will act as a cloak for the real site.

🎯 Target URL

The target URL is the actual website you want to show, but hide its true address.

For example:

https://example-target.com/landing-page

The masked domain will display the contents of this URL, but the browser will show:

https://example-mask.com/

—

⚙️ Example Scenario Field
Mask URL https://secure-branding.com/
Target URLhttps://example-storefront.com/promo

When someone visits https://secure-branding.com/, they will see the promo page from example-storefront.com, but won’t know that it's coming from there. The URL stays masked.

📦 How to Use the Masking Tool

1. Go to the Masking Generator Page on your panel.

2. Enter the following:

   • Mask URL: https://yourdomain.com/

   • Target URL: https://target-website.com/page

3. Click “Generate Masking ZIP”

The system will:

• Create a proxy.php file with the logic

• Include .htaccess rewrite rules

• Generate an index.html redirect helper

📁 How to Deploy

1. Upload the ZIP file to your hosting or VPS.

2. Extract its contents into the public_html (or root) folder.

3. Make sure proxy.php and .htaccess are both present.

🔐 Your server must support PHP & have cURL enabled.

✅ What Will Happen

• Visitors will access https://yourdomain.com/

• The server fetches content from https://target-website.com/page

• All relative links, images, styles, and JS are rewritten dynamically

• The real domain stays hidden from the browser

🔍 Advanced Features

• ✅ Auto-rewrites href, src, and action links.

• 🔄 Handles redirects by re-routing them through the mask domain.

• 💻 Inline JS rewriting to fix dynamic assets.

• 🧠 Cookie/session forwarding is included.

• 🛑 Error 502 handling if target site is down or blocked.

🧠 Real-World Use Cases

• Simulate phishing kits (red teaming)

• White-labeled portals

• Secure client previews

• Campaign cloaking

⚠️ Things to Remember

• Always use HTTPS in both mask and target URLs

• Do not use this on protected sites without permission

• Some sites with CSP, JS-heavy routing, or anti-bot protections may not render correctly

🆘 Need Help?

• 📞 Contact us on Telegram: @spamtoolsorg