AdvPhishing tool is the latest phishing technique in which you can easily access social media accounts of users . there are many type of tools like this but in this tool you can access social media accounts of user even if if two-factor authentication is activated. with the help of this tool not only you can access social media accounts, but you can access many more important accounts like :
Popular Payments Sites :
- Paytm
- Paypal
- PhonePay
Popular Food Webpages :
- Zomato
- Uber-Eats
Declarations : This article is posted only for educational purpose to spread awareness among people from being trapped in Phishing attack.
Soical Engineering
Social engineering is one of basic attack in which we can execute our plan with minimum efforts. social engineering as one of the simplest methods to gather information about a target through the process of exploiting human weakness that is inherit to every organization. with the help of social engineering you can collect sensitive information.
For example, most of the people are active on social media accounts these days, there is a lot of attentions in which fake emails are sent to take access to your accounts, some of them open those fake emails and follow their instructions. So that their accounts get compromised
Features :
- User can use AdvPhishing to obtain the target’s IP address.
- Easy for user to use.
- 32 different types of templates are available.
- Available on both Andorid ( Termux ) and Linux.
Testing on Following :
- Kali Linux – 2020.1a (version)
- Parrot OS – Rolling Edition (version)
- Ubuntu – 20 (version)
- Arch Linux
- Termux App
Requirement :
- sudo – [ MUST ]
- php
- ngrok Token
Installation
Advphishing tool available for both android and linux, but we will use kali linux for testing purposes and give you an small intro of this tool. lets open kali linux and use the terminal to install this tool. Remember you must have root access.
1 | sudo -i |
We need to clone the AdvPhishing tool from github whose download link is provided below. After that this makes a folder named “AdvPhishing” on our desktop, to whom we have to go and execute the last command to setup this tool successfully.
1 2 3 | git clone https://github.com/Ignitetch/AdvPhishing.git cd AdvPhishing/ bash Linux-Setup.sh |
It will take some time and in this meantime we will go to the web page, signup and get our ngrok token.
1 | https://ngrok.com/ |
We saved our time 🙂 !! as you can see, we have reached the right place where we need to enter our ngrok token.
Additional Setting
This is a recently released feature with the help of which we can get upcoming credentials on our Gmail account and we can even send those credentials to someone else but it is up to you whether you want to do it or not. If yes then follow our steps : first you have to open the following configuration file with your favorite file editor .
Here you have to add your gmail account username, password and the gmail account you want to send those credentials.
Now boot this tool using the following command and choose the template according to your requirement.
1 | bash AdvPhishing.sh |
Nice 🙂 !! As you can see it gives us a phishing link that looks like a link to the actual domain. Just share the link to the victim and wait for the results.
Understand the Scenario : When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account before him. Thats it 🙂 !!
Now when the victim receives the actual OTP from Instagram, they will enter on the phishing page without any doubt.
Boom 🙂 !! As you can see, we have successfully obtained credentials as well as two factor authentication.
Amazing 🙂 !! The most awaited feature that you can see is that credentials have started coming to our gmail account as well.
Two Factor Authentication also here.
More Template’s
In the same way you can use different templates to perform phishing attacks.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Good article. Keep it up
After installing on termux, ngrok link doesn’t display
Before start the advphhishing you have to turn on your hotspot or mobile data.
hello dear friend. tell me this nuance. I run through termux, everything started. introduced the tot, came to receive the link, and he in a modified version gives such ” https://www.instagram.com-@”
and without modification does not write a link at all, how to solve this problem?
you need to open your hostpot and mobile at the same time to get complete phishing link.
I also have same problem…i want to know how to open hostpot and mobile same time
i need to know how to open hotspot and mobile data at the same time on my PC
(i’m on manjaro linux)
Once it asks “Enter The Ngrok Token [Ex. ./ngrok authtoken 1Y7IU ] ”
I enter the ./ngrok authtoken 1dlJEd………………………
Press enter then I’ve got this just after:
┌─[xxx@parrot]─[~/AdvPhishing]
└──╼ $
Then nothing happens, unlike you are saying with tape Y to launch ..
Any idea why?
Sure ! your are in right way but after complete the installation you have to run the main program that given like : ./AdvPhishing.sh
I want to request an adphising file to be downloaded in thx storage
ok ! we will do
How to change the phone number for receiving otp from +91******** to whatever number we choose?
the alternative way is that we have to clone your WhatsApp application
for enample, i have a paypal login an password, i tried to login with the phishing page but it showed a phone number that they would send the otp to which is not my number nor the client number. i just want to know if i can change the number to mine . and how does the receiving otp works?
If you have the victim user and passwords after that you need to enter the credentials on paypal and then the otp will successfully comes to the vicitm.
AdvPhisher is not working for me
why
After selecting any template this error is occurring
./An-AdvPhishing.sh: line 752: syntax error near unexpected token `;;’
./An-AdvPhishing.sh: line 752:
How to fix?
it always asks for username and password after cloning pls help what to do?
Does the phishing page also have an option for entering otp or I would have to ask the target for it,
no victim will enter the otp in phishing page
I do have paypal email and password and they ask for otp that will send to victem phone. How do i receive otp on my termux terminal so i can be able to login. Please i need the details for paypal otp. Thanks
You can create paypal phishing page with advphihsing tool and ocnce the phishing page are created then sent it to the victim and as soon as victim will enter credentials on that phishing page, they comes to you.
Bascially it’s depends all your social engineering skills.
bro pls help, when I create a phishing website it comes but when I enter it in the browser it shows tunnel not found , and how to on mobile data in pc and do it pls help with the error and mobile data
Shubham bro I’m using termux app
And I was do practice advphishing then I was generated link and I was enter number but otp is not come
Please give me solution
bro pls help, when I create a phishing website it comes but when I enter it in the browser it shows tunnel not found , and how to on mobile data in pc and do it pls help with the error and mobile data
bro pls help, when I create a phishing website it comes but when I enter it in the browser it shows tunnel not found , and how to on mobile data in pc and do it pls help with the error and mobile data
cat: secnhack: No such file or directory