Issue Date: 20 November 2019

RFQ Number:  2019-42

RFQ Name: Short-Term Technical Assistance (STTA) MiTM and Phishing Developer

Questions due by: 17 January 2020 23h00 UTC

Answers will be provided by: 21 January 2020 23h00 UTC

Closing Date for offers: 3 February 2020 23h00 UTC


The Information Safety & Capacity (ISC) Project invites written quotes from qualified individuals, organizations and/or firms for the service of a cross-platform application developer.


The Information Safety & Capacity (ISC) Project enhances internet freedom by improving the defensive cybersecurity capabilities of local partners in developing countries.


Problem: Numerous human rights defenders, activists and journalists have been taken infosec trainings and are mentored by Digital Security Specialists (DSS). Despite this, most of them are not patching their OS/digital tools when needed and they are not using encryption tools if needed. Indeed, these concepts can be abstract for them and our DSS should have an easy way to demonstrate the usefulness of patching OS/digital tools and encrypting communications.




  1. A monster-in-the-middle (MiTM) service which would enable a DSS to show, in real time, how vulnerable trainees’ unencrypted traffic is to surveillance;
  2. A phishing service which would enable a trainer to demonstrate to trainees how easy it is to use a none-patched security breach to steal information.

Requested Services

To achieve this solution, the ISC Project is requesting quotes for the development and delivery of a MiTM service and a phishing service.Specifically, the ISC Project seeks an individual or vendor to:

  • Develop the two services and;
  • Write the two services documentation.

Required Functionalities

The MiTM service will, at a minimum, incorporate the following functionalities:

  • Scan local WiFi connections;
  • Find out none-encrypted communications;
  • Intercept and expose in real time none encrypted communications.


The phishing service will, at a minimum, incorporate the following functionalities:

  • Penetration testing on a local network;
  • Use unpatched breach to take away information.


The two services must:

  • Run under Windows and MacOS;
  • Be in English, but easily skinnable into other languages including right-to-left languages (e.g. use Transifex as source for crowd-source-able skin translations);
  • be open-source using an approved license and a recognized forge to share the source code;


The format, content and phasing of the deliverables will be discussed with and approved by the management team. Proposed deliverables are listed in the table in this RFQ’s Section 3. The MiTM and Phishing Developer will report to and collaborate with the management team.

Period of Performance

This assignment is expected to begin o/a 20 January 2020 and be completed by o/a 31 July 2020.


Contact Us

Please feel free to drop us a line at: