In this article, we will see what is phishing? How dangerous is it? And how to use hidden eye to do phishing.
What is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
The core of phishing is Social Engineering, the success rate also depends only and only on human error. Suppose you got a link that asks you to login with your account and the link is suspicions there is a high chance that it will send your details to someone else and you may get phished.
Hidden Eye is one of the best tools available for phishing it also has features such as keylogger, ngrok support and much more.
git clone https://github.com/DarkSecDevelopers/HiddenEye.git chmod 777 HiddenEye sudo apt install python3-pip cd HiddenEye sudo pip3 install -r requirements.txt sudo pip3 install requests
Select the website you want to create a fake page for.
Select which you think will be most effective.
You can also enable a keylogger.
Enable / disable cloudfare protection.
You can also configure it to send captured data via email, I don’t recommend this option but you can setup it up if you want to.
Add link where you want the page to redirect after details are entered.
I am selecting ngrok so that the link can be available over WAN.
You are done with setup. Now send the link and enjoy phishing!
Now you can share the ngrok link with the target, as you can see below is identical to Instagram’s login page.
Now we have the victim’s user id and password.
You can also use any link or URL shortener to make the link less suspicious, but remember phishing is always about social engineering.