AdvPhishing is a tool built on the latest phishing technique, with which you can easily access users' social media accounts. There are many tools of this type, but with this one you can access a user's social media accounts even if two-factor authentication is activated. With the help of this tool you can access not only social media accounts but many other important accounts, such as:

Popular Payments Sites :

  • Paytm
  • PayPal
  • PhonePe

Popular Food Webpages :

  • Zomato
  • Uber-Eats

Declaration: This article is posted only for educational purposes, to spread awareness and keep people from being trapped in phishing attacks.

Social Engineering

Social engineering is one of the basic attacks, in which a plan can be executed with minimum effort. It is one of the simplest methods of gathering information about a target, and it works by exploiting the human weakness that is inherent to every organization. With the help of social engineering, sensitive information can be collected.

For example, most people are active on social media these days, and there are many attempts in which fake emails are sent to gain access to their accounts. Some recipients open those fake emails and follow their instructions, and so their accounts get compromised.

Features :

  • User can use AdvPhishing to obtain the target’s IP address.
  • Easy for user to use.
  • 32 different types of templates are available.
  • Available on both Android (Termux) and Linux.

Tested on the following:

  • Kali Linux – 2020.1a (version)
  • Parrot OS – Rolling Edition (version)
  • Ubuntu – 20 (version)
  • Arch Linux
  • Termux App

Requirements:

  • sudo – [ MUST ]
  • php
  • ngrok Token

Installation

The AdvPhishing tool is available for both Android and Linux, but we will use Kali Linux for testing purposes and give you a small introduction to the tool. Let's open Kali Linux and use the terminal to install it. Remember, you must have root access.

We need to clone the AdvPhishing tool from GitHub; the download link is provided below. This creates a folder named “AdvPhishing” on our desktop, which we have to enter and then execute the last command to set up the tool successfully.

It will take some time, and in the meantime we will go to the web page, sign up and get our ngrok token.

We saved our time 🙂 !! As you can see, we have reached the right place, where we need to enter our ngrok token.

Additional Setting

This is a recently released feature with which we can receive incoming credentials in our Gmail account and can even send those credentials to someone else, but it is up to you whether you want to do that or not. If yes, then follow our steps: first you have to open the following configuration file with your favorite file editor.

Here you have to add your Gmail account username and password, and the Gmail account you want to send those credentials to.

Now start this tool using the following command and choose the template according to your requirement.

Nice 🙂 !! As you can see, it gives us a phishing link that looks like a link to the actual domain. Just share the link with the victim and wait for the results.
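A link can look like it points at the real domain because the brand's hostname sits in the userinfo part before an `@`, or in a subdomain label, while the actual host is an ngrok tunnel. A mail gateway or proxy filter can check for exactly that; the following is an added example, not code from this article or from the tool, and the suffix list, brand list and sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: illustrative tunnelling-service suffixes; extend for your environment.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok.app", ".ngrok-free.app")
# Assumption: brands to protect, chosen from services the article names.
BRAND_DOMAINS = ("instagram.com", "paypal.com", "paytm.com", "zomato.com")

# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.instagram.com@a1b2c3d4.ngrok.io/login",
    "https://paypal.example.net/signin",
    "https://www.instagram.com/accounts/login/",
]


def is_same_site(host, brand):
    """True when host is the brand domain itself or one of its subdomains."""
    return host == brand or host.endswith("." + brand)


def inspect_link(url):
    """Return a list of findings for one URL; an empty list means nothing flagged."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Everything before the last '@' in the authority is userinfo, not the destination.
    userinfo = parts.netloc.rsplit("@", 1)[0].lower() if "@" in parts.netloc else ""
    if userinfo:
        findings.append("userinfo-present")
    if any(host.endswith(suffix) for suffix in TUNNEL_SUFFIXES):
        findings.append("tunnel-host:" + host)
    for brand in BRAND_DOMAINS:
        label = brand.split(".")[0]
        if is_same_site(host, brand):
            continue  # genuinely the brand's own site
        if brand in userinfo:
            findings.append("brand-in-userinfo:" + brand)
        if label in host.split("."):
            findings.append("brand-label-in-host:" + label)
    return findings


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link) or "clean")
```
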

Understand the Scenario: When the victim enters his credentials, you need to go to the original website and use those credentials to send a real OTP to the victim. Once he enters that OTP, it will also be with you, and you will be able to log in to the account before him. That's it 🙂 !!

Now when the victim receives the actual OTP from Instagram, they will enter it on the phishing page without any doubt.

Boom 🙂 !! As you can see, we have successfully obtained the credentials as well as the two-factor authentication code.

Amazing 🙂 !! The most awaited feature, as you can see, is that credentials have started coming to our Gmail account as well.

The two-factor authentication code is here as well.

More Templates

In the same way you can use different templates to perform phishing attacks.

About the Author
Shubham Goyal: Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.

28 thoughts on “AdvPhishing : OTP Bypass Phishing Tool”

      1. hello dear friend. tell me this nuance. I run through termux, everything started. introduced the tot, came to receive the link, and he in a modified version gives such ” https://[email protected]
        and without modification does not write a link at all, how to solve this problem?

          1. I also have the same problem… I want to know how to open hotspot and mobile at the same time

          2. i need to know how to open hotspot and mobile data at the same time on my PC
            (i’m on manjaro linux)

  1. Once it asks “Enter The Ngrok Token [Ex. ./ngrok authtoken 1Y7IU ] ”
    I enter the ./ngrok authtoken 1dlJEd………………………
    Press enter then I’ve got this just after:
    ┌─[[email protected]]─[~/AdvPhishing]
    └──╼ $

    Then nothing happens, unlike you are saying with tape Y to launch ..
    Any idea why?

  2. How to change the phone number for receiving otp from +91******** to whatever number we choose?

  3. For example, I have a PayPal login and password. I tried to log in with the phishing page but it showed a phone number that they would send the OTP to, which is not my number nor the client's number. I just want to know if I can change the number to mine, and how does receiving the OTP work?

    1. If you have the victim's username and password, then you need to enter the credentials on PayPal and the OTP will successfully come to the victim.

  4. After selecting any template this error is occurring

    ./An-AdvPhishing.sh: line 752: syntax error near unexpected token `;;’
    ./An-AdvPhishing.sh: line 752:
    How to fix?

  5. I do have the PayPal email and password, and they ask for an OTP that will be sent to the victim's phone. How do I receive the OTP on my Termux terminal so I can log in? Please, I need the details for the PayPal OTP. Thanks

    1. You can create a PayPal phishing page with the AdvPhishing tool, and once the phishing page is created, send it to the victim. As soon as the victim enters credentials on that phishing page, they come to you.

  6. Shubham bro, I'm using the Termux app.
    I was practicing with AdvPhishing, then I generated a link and entered a number, but the OTP did not come.
    Please give me a solution.
