Phishing is a very common attack which is used to steal sensitive information such as username, passwords, credit/debit card details, etc.
If you want to do phishing attacks, there are some plenty tools which helps you to do such attacks but there are certain limitations in these tools. Most of the time the phishing pages used in these tools are inaccurate which can be easily identified.
So to overcome this issue, there is a tool which helps you to do phishing attacks with accurate phishing pages and more features. In this post we are going to use a tool called 'SocialFish' - a python based tool for phishing attacks. We are using this tool in termux. So follow below steps to install this tool in termux.
Features of SocialFish -
- Real-time web page cloning
- Simple and interactive UI
- Easy to use
- You can get victim's device details and lot of information
- Track multiple attacks at a time.
Installation
1) First update all packages
$ apt update && apt upgrade
2) We need to install required packages
$ apt install python git
3) Now, clone 'SocialFish' repository from github
$ git clone https://github.com/Deadpool2000/SocialFish
4) Goto SocialFish folder
$ cd SocialFish
5) Now we need to install pip packages required for this tool
$ pip install -r requirements.txt
Usage -
1) To use SocialFish, run this command -
$ python SocialFish.py <username> <pass>
for e.g. python SocialFish.py root toor
Here 'root' and 'toor' are username & password. You can use any username & password.
2) After this, open your browser and goto this address and login -
0.0.0.0:5000/neptune
3) After this, you will see two input boxes -
1] The upper one is to clone the page which you want to use in phishing.
2] The lower one is to redirect to another link when a vicitim enter his credentials.
4) So in the first box, we will enter a URL which we want to clone. Here I am using Github's login page for phishing. So here I am gonna use this link -
'https://github.com/login'
5) Now in the second box, I am using a redirection link. When victim enters his login credentials on cloned github page, it will redirect to the redirected link. For this, I am using same link so victim thinks that it was an error. So again I am using 'https://github.com/login' for redirection.
6) Now click on the button as shown in the picture to make a phishing page -
7) Now go back to Termux and send this link to the victim as specified in the picture (IP address is hidden)-
8) As soon as victim click on the link and enter credentials,the phishing page redirected to original link.
9) Now refresh your browser, scroll down and click on 'View'. You will get some plenty information.
10) Here you can see username and password which filled by victim.
11) To stop this tool, use 'Ctrl + C'.
That's it.
If you have any problem regarding this post, leave a comment !
Also read -
Create metasploit payload easily in linux and termux
Fix 'repository is under maintenance or down' error in termux
How to install routersploit on Termux [2021]
0 comments:
Post a Comment
If you have any problem regrading this post, leave a comment !