Phishing Attacks

5 min readJul 16, 2021

Hello everyone. We have made a project with my colleagues on phishing attacks. It was made for educational purposes for our lecture. Let’s start with what is phishing attacks? Then I’m going to share how you can perform a phishing attack in the real world, and then I will talk about how many people clicked phishing links in our test environment. After the attack, We told all users that this is a test attack and that they have to change their passwords after the attacks. And we tried this project on our own friends. By law, you cannot use this attack on real users. Keep in mind!

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

IMPLEMENTATION

For this test, we have used Kali Linux 2020.2 and the Blackeye and ngrok tools. The first thing we must do is open the console and clone the GitHub repository of the said tool with the following command.

Then we will download ngrok from its official website: www.ngrok.com with this we will be able to visualize phishing outside our network. In this case, we download the version for Linux.

Unzip the downloaded file and put the file generated by ngrok on the desktop.

We go back to the ngrok website and copy the auth token that ngrok has generated for us.

Back in the console, we go to the desktop list its's content and see that we have the ngrok file that we unzipped earlier.

Finally, we paste the ngrok auth token and execute the command. With this, we will already have ngrok installed on our Kali Linux machine.

Next, we are going to create an external bridge with ngrok through TCP on port 4444 , through which it will connect to our computer and send the information. To do this we execute the following command.

As we can see, a connection has been created successfully, with the following address highlighted in red.

Now it is the turn to run the blackeye tool that we have cloned from its Github repository earlier.

For them , from the console, we list the root and we can see that we have it there , because with the following command we execute it.

We choose the page to impersonate, in this case, Instagram by dialing the number 1.

By default, we get our IP to test it within our network, but we have created an external bridge with ngrok on port 4444, with which here we will put localhost: 4444

We copy the address generated by ngrok and paste it into our browser, first we are going to test within our network since I am connected to Wi-Fi.

As we can see, the cloned Instagram page appears, we also enter our credentials.

We see how the Blackeye tool has identified the victim and from where he is connecting, in addition to obtaining the credentials that we have put on the Instagram page.