HiddenEye is a modern phishing tool with advanced features and is currently supported by Android. You will now have live information about the victims, such as: IP ADDRESS, Geolocation, ISP, State, and many more.
In this post, we 're going to see what phishing is? How risky is that? And how to use the hidden eye for phishing.
What's the Phishing?
Phishing is a fraudulent attempt to acquire confidential information, such as usernames , passwords and credit card numbers, by disguising oneself as a trusted person in electronic communications.
The core of phishing is Social Engineering, the success rate often relies only on human error. Suppose you have a link that asks you to log in to your account and a link is suspected that there is a strong risk that you may give your information to someone else and that you may get phished.
Hidden Eye is one of the best phishing devices available, it also has features such as keylogger, ngrok support, and more.
Wget from Python
How To Install HiddenEye -
git clone https://github.com/DarkSecDevelopers/HiddenEye.git chmod 777 HiddenEye sudo apt install python3-pip cd HiddenEye sudo pip3 install -r requirements.txt sudo pip3 install requests
Step 1: When you will start Hidden Eye Script from the Command Given Above - You will see a list from which you can select a single website for which you want to create a Phishing Page.
Step 2: Select Operation Mode from the given list which you think will be most effective for you.
Step 3: The Next Page after Operation Mode wil ask you to enable a Keylogger for the Phishing Page.
Step 4: Enable / disable Cloudfare Protection.
Step 5: You can also configure it to send captured data via email, I do not recommend this method, but you can set it up if you want to.
Step 6: Add link where you want the page to redirect after details are entered.
Step 7: I am selecting ngrok so that the link can be available over WAN.
Step 8: You are done with setup. Now send the link and enjoy phishing!
Step 9: Now you can share the ngrok link with the target, as you can see below is identical to Instagram’s login page.
Step 10: Now when the victim fill up their credentials and press login they will be redirected to the original Instagram login page (or the link where you have redirected in step 6) and now we have the victim’s user id and password on our terminal screen.
You can also use any link or URL shortener to make the link less suspicious, but remember phishing is always about social engineering.
If you close the terminal, the link will not work anymore as after closing the terminal the ngork server will stop working, and the link will no more work.
This Tutorial is only for educational purpose only, don't use it to harm anyone.
Full Tutorial : Youtube Channel - How To KR