SocialFish — Fastest way to Phish any WebPage

Hello everyone,
This is Qirit0 and I am back with a new post for you. Today's post is about phishing.
Phishing is a social-engineering attack carried out by network testers or hackers with the sole intention of capturing a user's username and password.

Imagine you want to log in to your favorite social networking site, and when you enter your mail ID and password, your credentials are forwarded to the hacker.
For phishing, a hacker creates a web page that looks exactly like the original one, but the scripts running behind it are malicious.
The user receives a URL and is asked by the hacker to visit it. When the user clicks on the URL, a phishing page is already set up, waiting for him/her to enter credentials.

Phishing is one of the common attacks carried out by hackers to breach the security of big companies. The attacker buys a similar-looking domain and enables mass port forwarding so that employees are redirected to the fake web page.

Today we will carry out a small-scale phishing attack using SocialFish on the Kali Linux operating system.

LET'S GO:

  1. First open up a terminal and clone the SocialFish repository from the given link:

    git clone https://github.com/itz-8infinite/SocialFish

  2. Now that SocialFish is cloned on your system, change into its directory by typing:

    cd SocialFish
    ls -l

  3. Now it's time to install some of the requirements for SocialFish. The repository needs python3 to run, so type:

    sudo apt-get install python3-pip php unzip -y

    (As I'm installing it for the second time, you can see my files are getting updated. When you install it for the first time, you will see it downloading some files.)

  4. Next, install the packages listed in requirements.txt using the command:

    sudo pip3 install -r requirements.txt

    In your case some tools will be downloaded, so your screen will look a bit different.

  5. Type :

    chmod +x SocialFish.py

    The command makes the .py file executable, i.e. it gives the file the permission it needs to be run.

  6. Then type :

    python3 SocialFish.py

  7. After this, SocialFish is ready to start.
  8. Now you can select ‘S’ for pages of social networking sites and ‘O’ for other websites such as GitHub, WordPress, etc. Here I will go for ‘S’ to check the social networking sites.
  9. In the above example I selected Instagram, so I had to enter 5 as the command.
    Under redirecting URL: s*********n.tk
    (Link which you want your Page to redirect after pressing the submit button)
  10. That's all. Copy the link which Ngrok gave you under ‘Ngrok URL: ’
    (in my case https://29e88630.ngrok.io) and forward it to the user whose credentials you want to hack.
    He/she will then get the malicious Instagram page in his/her browser.

  11. I entered my login details to demonstrate the view. The same was recorded in my command shell.

That is all. You have the username in the ‘<user>’ tab and the password in the ‘<pass>’ tab.

You can mask your URL to avoid suspicion in lots of ways:
1. You can use No-IP ().
2. Usage of various URL shorteners such as Google Url Shortener or bitly.com.
3. You can refer to my previous post on the IDN homograph attack.
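
Seen from the receiving side, each of these masking methods, and the Ngrok link from step 10, leaves a recognisable trait in the hostname of the link. The check below is an added example, not part of the original post or of SocialFish; its suffix lists are short illustrative assumptions and the sample links are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

# Short illustrative suffix lists (assumptions, nowhere near exhaustive).
TUNNELS = ("ngrok.io",)                           # tunnel hosts, as in step 10
DYNAMIC_DNS = ("ddns.net", "hopto.org", "zapto.org")
SHORTENERS = ("bit.ly", "goo.gl", "tinyurl.com")

def _under(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def _scripts(label):
    """Unicode scripts of the letters in a label, taken from character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def triage_url(url):
    """Return the sorted reasons a link's hostname deserves a closer look."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reasons = set()
    if _under(host, TUNNELS):
        reasons.add("tunnel-service host")
    if _under(host, DYNAMIC_DNS):
        reasons.add("dynamic-DNS host")
    if _under(host, SHORTENERS):
        reasons.add("URL shortener")
    for label in host.split("."):
        if label.startswith("xn--"):
            try:  # decode punycode so the real characters can be inspected
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                reasons.add("malformed punycode label")
                continue
            reasons.add("IDN (punycode) label")
        if len(_scripts(label)) > 1:  # e.g. Cyrillic mixed with Latin
            reasons.add("mixed-script label")
    return sorted(reasons)

if __name__ == "__main__":
    # Constructed sample links; the first host is the one shown in step 10.
    homograph = "\u0430pple.com".encode("idna").decode("ascii")  # Cyrillic 'a'
    for link in ("https://29e88630.ngrok.io",
                 "http://bit.ly/abc123",
                 "https://" + homograph + "/login",
                 "https://www.instagram.com/accounts/login/"):
        print(link, "->", triage_url(link) or "no hostname flags")
```

A flag here only means the link should be expanded or inspected before anyone enters credentials; a login page served from a tunnel or shortener host is the pattern this walkthrough produces.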

That's all there is to it. If you hit any error, need any help, or have any feedback, you can share it in the comments or mail me.

THANK YOU
