Saturday, January 26, 2019

SocialFish Tutorial: Make Phishing Easier

Do you think Phishing is easy to apply?

Well, the answer is a big NO. As the number of Internet users grows, people are becoming more clever. It's not easy to apply social engineering on today's Internet.

But the tool we're going to use in this tutorial can pretty much sort out this problem. SocialFish is an open source tool available on GitHub. The best thing about SocialFish is that it has Ngrok integrated.

If you don't know what Ngrok is: it is a tool that lets you reach a local web server from the WAN. Basically, it is a localhost tunnel. The local client connects out to the Ngrok server, and the Ngrok server relays incoming requests back through that connection, so the local server is reachable from behind a firewall without the firewall raising an alarm.

Let's see how SocialFish can be used.

Configure SocialFish in Kali Linux

Fire up your Kali Linux machine, open a terminal and clone the tool from GitHub to the Desktop. Now change the directory to the SocialFish folder.

cd Desktop/
cd SocialFish/
ls

Before proceeding to the installation, make sure that you have the latest version of Python and PHP installed on your Kali Linux machine. As the root user, make the script executable with the command chmod +x SocialFish.py. Run the script with the command:

python SocialFish.py

If you don't have Ngrok installed, the script will install it automatically. Wait a few seconds for the download to complete. After the download completes, it will prepare the environment and ask you to accept the terms and conditions.

Next, it will ask whether you want to receive the logged credentials by e-mail. If you do, enter your e-mail address. In our case we're not going to use e-mail.

Now the tool gives us two options: the first one is Social Media and the second one is Others. We will stick with the first option, as it is more effective and looks familiar to the victim. Also, the second option may still be in development, and there is a big chance of getting an error with it.

Here we get the phishing options, which are of course sorted by popular websites. Make sure that you have no localhost server already running, because the tool will start the Apache localhost server.

We've selected the popular Twitter option. The tool now asks for a custom redirect URL, and we entered the original Twitter login panel URL. The tool then starts building the phishing web page for Twitter.

Here the tool generated an Ngrok URL for us. Let's test whether it works or not.

Great! We entered a random username and password, and the tool captured the login details perfectly.

If you don't enter your e-mail address to receive credentials, you will get the credentials in the terminal or in the logs inside the SocialFish folder.
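
Because the page above is reached through an Ngrok URL, defenders can look for that hostname pattern in web-proxy logs. The following Python example is added here and is not part of the original tutorial or of SocialFish: it flags requests to tunnel hostnames and ranks POSTs (submitted forms) highest. The log format, the sample lines and the suffix list are assumptions made for illustration, and full URLs for HTTPS are only visible to a proxy that inspects TLS.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostname suffixes used for Ngrok tunnels; confirm against
# Ngrok's current documentation before relying on this list.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok.app", ".ngrok-free.app")

# Constructed sample lines in a hypothetical proxy log format:
# <timestamp> <client> <method> <url> <status>
SAMPLE_LOG = """\
2019-01-26T10:01:02Z 10.0.0.15 GET https://twitter.com/login 200
2019-01-26T10:02:10Z 10.0.0.23 GET https://a1b2c3d4.ngrok.io/ 200
2019-01-26T10:02:41Z 10.0.0.23 POST https://a1b2c3d4.ngrok.io/login.php 302
2019-01-26T10:03:00Z 10.0.0.23 GET https://twitter.com/login 200
2019-01-26T10:05:00Z 10.0.0.31 GET https://example.com/ngrok.io.html 200
2019-01-26T10:06:00Z 10.0.0.40 GET http://notngrok.io/ 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$")


def is_tunnel_host(url):
    """True when the URL's hostname (not its path) is under a tunnel suffix."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return any(host.endswith(suffix) for suffix in TUNNEL_SUFFIXES)


def find_tunnel_hits(log_text):
    """Return one finding per request to a tunnel host; POSTs rank highest."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        ts, client, method, url, status = m.groups()
        if not is_tunnel_host(url):
            continue
        # A POST means form data left the client, e.g. a submitted login form.
        severity = "high" if method == "POST" else "medium"
        findings.append({"time": ts, "client": client, "method": method,
                         "host": urlsplit(url).hostname, "status": int(status),
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_tunnel_hits(SAMPLE_LOG):
        print(finding)
```

A "high" finding identifies a client whose user probably submitted a form to a tunnel host, which is the account to reset first.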

Fixing The Errors

You may face some errors, mainly a ModuleNotFound error. This happens because you don't have all the requirements installed properly. But don't worry, just follow the commands given below.

cd SocialFish/
sudo apt-get install python3-pip php -y
sudo pip3 install huepy
sudo pip3 install wget
sudo python3 SocialFish.py

These commands will install all the modules needed to run SocialFish. If you face more problems, leave a comment below explaining the problem.

Conclusion

The best thing about SocialFish is that it works with Ngrok. This makes the tool useful for learners.

Obviously, this tool and the tutorial are for educational purposes; don't use them on others. Give a reaction to the tutorial and let everybody know how you are going to use this tool. But social engineering depends fully on how you present it to victims, not on the tools you are using.

Do you have any social engineering trick to trap a person? How can SocialFish improve your skills?
