HiddenEye – The All in One Phishing Solution
In this article, we will see what is phishing? How dangerous is it? And how to use hidden eye to do phishing.
What is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
The core of phishing is Social Engineering, the success rate also depends only and only on human error. Suppose you got a link that asks you to login with your account and the link is suspicions there is a high chance that it will send your details to someone else and you may get phished.
Hidden Eye is one of the best tools available for phishing it also has features such as keylogger, ngrok support and much more.
Installation:
git clone https://github.com/DarkSecDevelopers/HiddenEye.git chmod 777 HiddenEye sudo apt install python3-pip cd HiddenEye sudo pip3 install -r requirements.txt sudo pip3 install requests
Running Hiddeneye:
python3 HiddenEye.py
Select the website you want to create a fake page for.
Select which you think will be most effective.
You can also enable a keylogger.
Enable / disable cloudfare protection.
You can also configure it to send captured data via email, I don’t recommend this option but you can setup it up if you want to.
Add link where you want the page to redirect after details are entered.
I am selecting ngrok so that the link can be available over WAN.
You are done with setup. Now send the link and enjoy phishing!
Now you can share the ngrok link with the target, as you can see below is identical to Instagram’s login page.
Now we have the victim’s user id and password.
You can also use any link or URL shortener to make the link less suspicious, but remember phishing is always about social engineering.
You may also like
Bypassing OTP – Part 2
zSecurity Aqua CTF Official Walkthrough
Network Topologies & Its Types
Leave A Reply
You must be logged in to post a comment.
58 Comments
I don’t get anything after I choose ngork 🙂
Have you installed ngrok ???
No please tell us how to install that.
You can visit this website https://ngrok.com/ or wait I am already writing the next article on ngrok
Mind asking me how can we manually install NGROK?
You can visit this website https://ngrok.com/ or wait for some time I am already writing the next article on ngrok
When i use ngrok it is showing me too many connections plz solve it sir
In a different terminal type in
ngrok http 127.0.0.1:(forwarded hidden eye port number)
then click enter
then copy the link that looks like: http://************.ngrok.io
And then send it to the victim
This is setup fairly similar to SEToolkit Credential Harvester. Basically, you are simply giving the script a place to post to the credentials to the phishing attack gets from the fake url, which ngrok makes a clear route for the localhost server to post to. You can definitely go outside the LAN and use NOIP or something like it to hide your real IP and route back to because your script will send from any remote host back to any IP as long as there is no blocked port.
Same happens to me sir ngrok not giving any links i did installation
Try git clone again after a couple of days
Hidden eye might have bugs in their latest update
But they will remove bugs in new update
Can’t get any links… though I installed ngrok
Try git clone again after a couple of days
Hidden eye might have bugs in their latest update
But they will remove bugs in new update
How to use hiddeneye reborn
It’s not working in NGROK server and will only work if the victim disable all the anti-virus or else 403 forbidden error will pop-up
Can you please tell me on which browser or operating system you are opening the phishing link
On my virtual machine windows 10 and on my host machine, and I’m using it in chrome and explorer
Hi I do get the link but it works online if the victim is connected to the same internet network as I am so how do I send the link to the person not using the same internet connection as me
NGROK ain’t giving out any link!
sudo pip3 install -r requirements.txt
i get “sudo: pip3: command not found” error
sudo apt install python-pip
try this command
Want to port forward to this process ?
No it is not needed
Hi
Thanks but i get the next issue
E:Unable to locate package python-pip
Make sure that your sources are correct, so do
leafpad /etc/apt/sources.list
Remove everything and past the following lines:
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
Save and quit then do
apt-get update
apt-get update –fix-missing
apt autoremove
Then try installing pip as follows:
apt-get update
apt install python-pip
apt install python3-pip
Please don’t hesitate to contact if you need anything else.
Hey buddy I am getting links but only the victim connected to the same network can see the clone page so how do I send the link to the person who is not connected to the same network as I am
hy i have sucessfully generated the link and it,s working (Special thanks). Now i want to ask how i can again get the connection of my generated link. For example after sending the link to someone after few days i want to seee the list of victims then how can i open that hinnden eye terminal .Thanks Again
Everytime you will get new ngrok link.
Hello, i realized that this does not work outside the network. How do i make the ngrok link work for a victim that is not in the same network with me ???
All ngrok links can be used over internet
Please try again
No the links provided by the Hidden Eye Does’t work ouside of the network . i creake a link and then send to my friend then the link does’t open on his mobile . He was using chrom browser
can you give me a lesson or help in the installation and testing of hidden eye?
Sir it’s same issue we r using 2020 version
Tunnel a8fejdhs.ngrok.io not found
After getting link and visit it shows this – Tunnel a8fejdhs.ngrok.io not found
Please try again one more time
Tanishka.. I think you need to try it out yourself. The links created by hidden eye works for only users within same network . If there is a way to make it work outside the network, it would be great
Rocky
Ngrok links are used for WAN since you cannot make your own computer a server
Please try again
I have used hidden eye for months and that’s why I have suggested it
Thanks
Sir I created everything but the problem is the links or not working in normal Google search in any other servers I’m using 2020 version sir please help me out of this sir
Can you please elaborate the problem a little bit
I created a link in hidden eye but it is not working in normal browser so please help me out of this sir
I belive that hidden eye have updated it’s repo that’s what causing the error try again after same days hope they remove this bug
Hello there,
For this to work should the victim be connected to the same network as mine?
No it doesn’t. I’m using a NAT Network and was able to use one of my external computers to log in, using a different network entirely, and it worked fine with Hidden Eye picking up on the credentials and device details.
Hey !
i’m also using NAT Network but when i open the link on anyother device which is connected to another network then the link doesn’t work and shows “too many connections”.
Sir i sucessfully generated a link. and i had sent a link to victim but if he login in a 4 5 days and for me it is not possible to open that terminal 24/7 so then how can i open that same link again ??plss help
How can we generate a link, if we want to send it to someone with a different internet connection? The link which is generated works only if the person is browsing in the internet connection.
I am having the same issue
I attempted to install Hidden Eye but get the following error:
fatal: unable to access ‘https://github.com/DarkSecDevelopers/HiddenEye.git/’: Could not resolve host: github.com
I’m getting problem in installing wine
Wine: Depends: wine64 (>=5.0-4) but it is not going to be installed or wine32 (>=5.0-4)
Depends: wine64(< 5.0-4.1~) but it is not going to be installed or wine32 (5.0-4.1~)
That is really cool! But some people will see at the link and they can tell that this is a Phishing Link, So for that what can we do?
Hey buddy for that you can use bit.ly or tinyurl
I am not getting ngrok link! It says ngrok links, but after sometime Program Crashes
Which method are you using 1.Local Host
2.Ngrok
3.Serveo?
Ngrok is the method i am trying to use!
It’s showing me internet disconnected
How can I resolve this
Sir ngrok is showing me some kind of error ..
Traceback ( most recent call last)
Like this ..help
this error comes while running hiddeneye how to install ngrok means i have already registered in ngrok but how to give authtoken? and where ?
Traceback (most recent call last):
File “HiddenEye.py”, line 45, in
server_runner.server_selection(port)
File “/opt/HiddenEye-Legacy/Defs/ActionManager/Server/server_runner.py”, line 64, in server_selection
NgrokController().establish_connection(port=port)
File “/opt/HiddenEye-Legacy/controllers/ngrok_controller.py”, line 32, in establish_connection
self._model.connect(port=port, name=’HiddenEye Connection’, pyngrok_config=self._config_path)
File “/usr/local/lib/python3.7/dist-packages/pyngrok/ngrok.py”, line 176, in connect
api_url = get_ngrok_process(pyngrok_config).api_url
File “/usr/local/lib/python3.7/dist-packages/pyngrok/ngrok.py”, line 126, in get_ngrok_process
ensure_ngrok_installed(pyngrok_config.ngrok_path)
AttributeError: ‘str’ object has no attribute ‘ngrok_path’
I got this error even after setting auth key
Traceback (most recent call last):
File “HiddenEye.py”, line 45, in
server_runner.server_selection(port)
File “/opt/HiddenEye-Legacy/Defs/ActionManager/Server/server_runner.py”, line 64, in server_selection
NgrokController().establish_connection(port=port)
File “/opt/HiddenEye-Legacy/controllers/ngrok_controller.py”, line 32, in establish_connection
self._model.connect(port=port, name=’HiddenEye Connection’, pyngrok_config=self._config_path)
File “/usr/local/lib/python3.7/dist-packages/pyngrok/ngrok.py”, line 176, in connect
api_url = get_ngrok_process(pyngrok_config).api_url
File “/usr/local/lib/python3.7/dist-packages/pyngrok/ngrok.py”, line 126, in get_ngrok_process
ensure_ngrok_installed(pyngrok_config.ngrok_path)
AttributeError: ‘str’ object has no attribute ‘ngrok_path’