Sponsored
Ethical Hacking

AdvPhishing : OTP Bypass Phishing Tool

AdvPhishing tool is the latest phishing technique in which you can easily access social media accounts of users . there are many type of tools like this but in this tool you can access social media accounts of user even if if two-factor authentication is activated. with the help of this tool not only you can access social media accounts, but you can access many more important accounts like :

Popular Payments Sites :

  • Paytm
  • Paypal
  • PhonePay

Popular Food Webpages :

  • Zomato
  • Uber-Eats

Declarations : This article is posted only for educational purpose to spread awareness among people from being trapped in Phishing attack.

Soical Engineering

Social engineering is one of basic attack in which we can execute our plan with minimum efforts. social engineering as one of the simplest methods to gather information about a target through the process of exploiting human weakness that is inherit to every organization. with the help of social engineering you can collect sensitive information.

For example, most of the people are active on social media accounts these days, there is a lot of attentions in which fake emails are sent to take access to your accounts, some of them open those fake emails and follow their instructions. So that their accounts get compromised

Features :

  • User can use AdvPhishing to obtain the target’s IP address.
  • Easy for user to use.
  • 32 different types of templates are available.
  • Available on both Andorid ( Termux ) and Linux.

Testing on Following :

  • Kali Linux – 2020.1a (version)
  • Parrot OS – Rolling Edition (version)
  • Ubuntu – 20 (version)
  • Arch Linux
  • Termux App

Requirement :

  • sudo – [ MUST ]
  • php
  • ngrok Token

Installation

Advphishing tool available for both android and linux, but we will use kali linux for testing purposes and give you an small intro of this tool. lets open kali linux and use the terminal to install this tool. Remember you must have root access.

sudo -i

We need to clone the AdvPhishing tool from github whose download link is provided below. After that this makes a folder named “AdvPhishing” on our desktop, to whom we have to go and execute the last command to setup this tool successfully.

git clone https://github.com/Ignitetch/AdvPhishing.git
cd AdvPhishing/
bash Linux-Setup.sh

It will take some time and in this meantime we will go to the web page, signup and get our ngrok token.

https://ngrok.com/

We saved our time 🙂 !! as you can see, we have reached the right place where we need to enter our ngrok token.

Additional Setting

This is a recently released feature with the help of which we can get upcoming credentials on our Gmail account and we can even send those credentials to someone else but it is up to you whether you want to do it or not. If yes then follow our steps : first you have to open the following configuration file with your favorite file editor .

Here you have to add your gmail account username, password and the gmail account you want to send those credentials.

Now boot this tool using the following command and choose the template according to your requirement.

bash AdvPhishing.sh

Nice 🙂 !! As you can see it gives us a phishing link that looks like a link to the actual domain. Just share the link to the victim and wait for the results.

Understand the Scenario : When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account before him. Thats it 🙂 !!

Now when the victim receives the actual OTP from Instagram, they will enter on the phishing page without any doubt.

Boom 🙂 !! As you can see, we have successfully obtained credentials as well as two factor authentication.

Amazing 🙂 !! The most awaited feature that you can see is that credentials have started coming to our gmail account as well.

Two Factor Authentication also here.

More Template’s

In the same way you can use different templates to perform phishing attacks.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
Sponsored

View Comments

    • Before start the advphhishing you have to turn on your hotspot or mobile data.

      • hello dear friend. tell me this nuance. I run through termux, everything started. introduced the tot, came to receive the link, and he in a modified version gives such " https://www.instagram.com-@"
        and without modification does not write a link at all, how to solve this problem?

        • you need to open your hostpot and mobile at the same time to get complete phishing link.

          • I also have same problem...i want to know how to open hostpot and mobile same time

          • i need to know how to open hotspot and mobile data at the same time on my PC
            (i'm on manjaro linux)

  • Once it asks "Enter The Ngrok Token [Ex. ./ngrok authtoken 1Y7IU ] "
    I enter the ./ngrok authtoken 1dlJEd...........................
    Press enter then I've got this just after:
    ┌─[xxx@parrot]─[~/AdvPhishing]
    └──╼ $

    Then nothing happens, unlike you are saying with tape Y to launch ..
    Any idea why?

    • Sure ! your are in right way but after complete the installation you have to run the main program that given like : ./AdvPhishing.sh

  • How to change the phone number for receiving otp from +91******** to whatever number we choose?

  • for enample, i have a paypal login an password, i tried to login with the phishing page but it showed a phone number that they would send the otp to which is not my number nor the client number. i just want to know if i can change the number to mine . and how does the receiving otp works?

    • If you have the victim user and passwords after that you need to enter the credentials on paypal and then the otp will successfully comes to the vicitm.

  • After selecting any template this error is occurring

    ./An-AdvPhishing.sh: line 752: syntax error near unexpected token `;;'
    ./An-AdvPhishing.sh: line 752:
    How to fix?

Leave a Comment
Share
Published by
Shubham Goyal
Tags: advance phishingadvance phishing yool githubadvphishingAdvPhishing - This Is Advance Phishing Tool! OTP PHISHINGAdvPhishing : This Is Advance Phishing Tool! OTP PHISHINGadvphishing installationadvphishing otp bypass toolAdvPhishing: OTP Bypass Advanced Phishing Tooladvphshing tool github phishingbypass two fector authenticationgoogle otp bypass techniquehow to bypass otpinstall advphihisng tool kali termuxotp bypass tool githubwhatsapp tfo advphshingworld first otp bypass tool
4 years ago

Recent Posts

Termux Cheat Sheet for Hackers

Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…

1 month ago

Cracking the X-Factor in Cybersecurity: How Humans are Protecting the Systems?

Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…

8 months ago

Cariddi – Hidden Endpoint Finder for Bug Hunting

Hey Folks, we are back today after such a long break, but don't worry we…

2 years ago

API Security Testing 101: Know Everything About API Security Testing!

The security of your API should be one of the top priorities of companies. Without…

2 years ago

7 Best Tools for Web Penetration Testing: Comprehensive Details

Hey Folks, In today's business world, it is essential to have an online presence. However,…

2 years ago

Cyber Security Audits: Everything You Need to Know About It

Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…

2 years ago
Sponsored

This website uses cookies.