In this video, you will learn how to accurately locate smartphones using social engineering through a tool called Seeker.
I will be showing you how to set up Seeker and locate smartphones that are outside the network. You can think of Seeker as a grabify alternative!
git clone https://github.com/thewhiteh4t/seeker
apt install python3 python3-pip php
pip3 install requests
The concept behind Seeker is simple, just like we host phishing pages to get credentials, why not host a fake page that requests your location like many popular location-based websites.
Seeker Hosts a fake website that asks for location permission and if the target allows it, we can get:
- Altitude – Not always available
- Direction – Only available if user is moving
- Speed – Only available if user is moving
Along with Location Information, we also get device information without any permissions:
- Unique ID using Canvas Fingerprinting
- Device Model – Not always available
- Operating System
- Number of CPU Cores – Approximate Results
- Amount of RAM – Approximate Results
- Screen Resolution
- GPU information
- Browser Name and Version
- Public IP Address
- Local IP Address
- Local Port
Automatic IP address reconnaissance is performed after the above information is received.
This tool is a proof of concept and is for educational purposes only. Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as location, etc.