Next Generation of Phishing Page using SocialFish
Phishing is the easiest way to get your password stolen, as it only takes one mistake to log in to the wrong website. A convincing phishing site is key to a successful attempt, and the tools to create them have become more intuitive and more sophisticated. SocialFish allows a hacker to create a persuasive phishing page for nearly any website, offering a web interface with an Android app for remote control.
The Next Generation of SocialFish
While the previous versions of SocialFish were impressive, the latest update includes a clean web interface to create and manage phishing links. The shift to web-based interfaces for tools like Kismet has helped to make SocialFish more accessible to beginners, and the refined simplicity makes cloning nearly any website incredibly simple.
STEP 1. Download SocialFish
In a new terminal window, type the following commands to install the necessary dependencies, clone the repository, and install the Python requirements.
apt-get install python3 python3-pip python3-dev -y
git clone https://github.com/UndeadSec/SocialFish.git
cd SocialFish
python3 -m pip install -r requirements.txt
STEP 2. Log in to the Web Interface
Now, let's create a web interface that will help manage our phishing links. To do this, open a terminal window and type the following to change into the SocialFish folder. Pick a username and password to log in to the web interface, and substitute that for the "youruser" and "yourpassword" fields.
cd SocialFish
python3 SocialFish.py youruser yourpassword
STEP 3. Select the Target to Clone
Inside the SocialFish portal, we can see some important information. At the top, we see the field for the website we want to clone, the website we want to redirect to, and the URL for our attack.
STEP 4. Select the Redirect Link
For our attack, we'll need to decide what website we want to clone. In this case, we'll pick twitter.com/login. To make things simple, we'll redirect back to twitter.com afterward. If they are already logged in, it will just look like a normal login was successful.
Enter the URL you want to clone and the URL you want to redirect to into their respective fields on the top right of the page. Click the lightning bolt to activate the link.
STEP 5. Deploy the Phishing Link
Now, in a separate browser window, navigate to the attack link — the link we would be serving to the victim during a real attack. You will be directed to a real-looking phishing site, and you can enter a username and password to test it.
STEP 6. Analyze the Captured Credentials
Back on the main menu, we can see that the number of captured credentials has gone up. We can also see that listed under "Successful Attacks" are a number of logs we can access.
Click "View" on the most recent log to see the credentials we intercepted. It should open a page that dumps the collected information in a format like below.
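From the defender's side, the flow in Steps 4 to 6 leaves a recognisable trace in web proxy logs: credentials are posted to a host that is not the real site, and the browser is then sent on to the real site. The following is an added example, not part of the original tutorial or of SocialFish; it scans constructed proxy-log records for that pattern. The record layout, the WATCHED_DOMAINS list, and the assumption that the redirect is an HTTP 3xx response with a Location header are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: domains whose login flows the defender wants to watch.
WATCHED_DOMAINS = {"twitter.com"}

# Constructed sample records: (client, method, url, status, Location header).
SAMPLE_LOG = [
    ("10.0.0.5", "GET", "https://twitter.com/login", 200, ""),
    ("10.0.0.5", "POST", "https://twitter.com/sessions", 302, "https://twitter.com/home"),
    ("10.0.0.9", "GET", "http://203.0.113.7/", 200, ""),
    ("10.0.0.9", "POST", "http://203.0.113.7/login", 302, "https://twitter.com"),
    ("10.0.0.7", "POST", "https://example.org/search", 302, "https://example.org/results"),
    ("10.0.0.8", "POST", "https://twitter.com.example.net/login", 302, "https://twitter.com/"),
]


def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def watched_brand(url):
    """Return the watched domain this URL belongs to, or None."""
    host = urlsplit(url).hostname  # None for relative Location values
    for domain in WATCHED_DOMAINS:
        if host_in_domain(host, domain):
            return domain
    return None


def find_post_then_bounce(records):
    """Flag POSTs to a non-brand host that redirect into a watched brand."""
    alerts = []
    for client, method, url, status, location in records:
        if method != "POST" or not 300 <= status < 400 or not location:
            continue
        brand = watched_brand(location)
        # Legitimate logins post to the brand's own hosts; a look-alike does not.
        if brand and watched_brand(url) is None:
            alerts.append((client, urlsplit(url).hostname, brand))
    return alerts


if __name__ == "__main__":
    for client, host, brand in find_post_then_bounce(SAMPLE_LOG):
        print(f"{client}: POST to {host} redirected to {brand}")
```

The suffix match on a leading dot is what keeps a look-alike such as twitter.com.example.net from being treated as the real domain. A page that redirects with JavaScript or a meta refresh instead of a 3xx response would not appear in this check.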