Phishing got easier with Socialphish

Let’s dive right into it by performing a phishing attack with a phishing tool called Socialphish using Kali Linux.

Socialphish is an open-source phishing tool that comes with 33 web template pages for popular sites such as Google, Facebook, Snapchat, Microsoft, GitHub, Yahoo, Netflix, Amazon, etc.

Installation

Open your terminal in the Kali Linux operating system and do the following:

#change directory to opt or any directory of your choice
cd /opt/
#clone Socialphish repository
sudo git clone https://github.com/xHak9x/SocialPhish.git
cd SocialPhish
#Change permissions on the executable file
sudo chmod +x socialphish.sh
#run
sudo ./socialphish.sh

Optional

Some web templates have outdated designs, let’s try and change them …

For instance, Google’s web template:

#change directory to sites
cd sites
cd twitter
#Edit login page with the most recent login page using nano or any editor of your choice.
sudo nano login.html
#save and exit
ctrl + x

Let’s run the tool now.

#move back to the SocialPhish directory
cd ../..
#run socialphish
sudo ./socialphish.sh
# Select any phishing page of your choice and port-forward your local IP
[*] Choose an option: 1
[*]Choose a portforwarding option: 2
#Ngrok will be downloaded if not installed already.

Ngrok allows you to expose a web server running on your local machine to the internet. It helps to access the page from any device since it port-forwards the local IP address.

illegitimate site

In the above image you can see the username field is filled as 12345 and the password field as 12345. Once the form is submitted, the PHP server receives what the victim typed, which is shown on the terminal and then recorded in the directory of the web template used, in a file saved as saved.usernames.txt: /opt/Socialphish/sites/”template”/saved.usernames.txt

credentials
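Seen from the defender's side, the two events described above (a login page reached through an ngrok tunnel, then a form submission to it) can be triaged from web-proxy logs to decide whose password must be reset. This is an added example, not part of the original post or of Socialphish; the log format, the sample lines, and the tunnel-suffix list are assumptions constructed for illustration, and it presumes the proxy logs full URLs.

```python
from urllib.parse import urlsplit

# Assumption: hostname suffixes used by ngrok tunnels; maintain this list yourself.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app")

# Constructed sample proxy log: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.21 GET https://intranet.example.com/login.html 200
2024-05-01T09:00:07Z 10.0.0.21 POST https://intranet.example.com/login.php 302
2024-05-01T09:02:11Z 10.0.0.34 GET https://a1b2c3d4.ngrok.io/login.html 200
2024-05-01T09:02:40Z 10.0.0.34 POST https://a1b2c3d4.ngrok.io/login.php 302
2024-05-01T09:05:02Z 10.0.0.52 GET https://e5f6a7b8.ngrok-free.app/ 200
2024-05-01T09:06:30Z 10.0.0.60 GET https://notngrok.io/index.html 200
"""


def is_tunnel_host(host):
    """True only for the suffix itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)


def triage(log_text):
    """Return {(client, host): 'visited' | 'submitted'} for tunnel-hosted pages."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at their fields
        _time, client, method, url, _status = parts
        host = urlsplit(url).hostname or ""
        if not is_tunnel_host(host):
            continue
        key = (client, host)
        # A POST means form data left the client: treat the account as exposed.
        if method.upper() == "POST":
            findings[key] = "submitted"
        else:
            findings.setdefault(key, "visited")
    return findings


if __name__ == "__main__":
    for (client, host), verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client} {host} {verdict}")
```

Clients marked "submitted" are the ones to prioritise for credential resets; "visited" clients loaded the page but no form post was logged.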

There are other open-source phishing tools out there as well which can be used for phishing purposes like Socialphish, but I have had more success with Socialphish.
