Listen to this Post
AdvPhishing is an open-source phishing tool designed to capture user credentials and OTPs by mimicking legitimate websites. It automates the process of sending intercepted credentials to an email account and allows real-time credential relaying for unauthorized access. This tool is widely used in penetration testing and ethical hacking to identify vulnerabilities in systems.
Key Features:
- Captures credentials and OTPs to bypass 2FA.
- Sends credentials to a specified email.
- Supports multiple tunneling options (Localhost, Ngrok).
- Compatible with Kali Linux, Parrot OS, Ubuntu, Arch Linux, and Termux (Android).
- Requires php, apache2, and an ngrok token.
You Should Know:
1. Setting Up AdvPhishing Tool:
To set up AdvPhishing on your system, follow these steps:
<h1>Update your system</h1> sudo apt-get update <h1>Install required packages</h1> sudo apt-get install php apache2 git -y <h1>Clone the AdvPhishing repository</h1> git clone https://github.com/AdvPhishing/AdvPhishing.git <h1>Navigate to the AdvPhishing directory</h1> cd AdvPhishing <h1>Set up ngrok (replace 'your_ngrok_token' with your actual token)</h1> ./ngrok authtoken your_ngrok_token <h1>Start the phishing server</h1> sudo bash AdvPhishing.sh
2. Configuring Ngrok for Tunneling:
Ngrok is used to create a secure tunnel to your localhost, making your phishing page accessible over the internet.
<h1>Start ngrok with HTTP tunneling</h1> ./ngrok http 80
3. Capturing Credentials:
Once the phishing server is running, any credentials entered on the fake login page will be captured and sent to the specified email address.
4. Preventing Phishing Attacks:
To protect against phishing attacks, consider the following measures:
- Enable Two-Factor Authentication (2FA): Even if credentials are stolen, 2FA adds an extra layer of security.
- Educate Users: Train employees and users to recognize phishing attempts.
- Use Email Filters: Implement email filtering solutions to block phishing emails.
- Regularly Update Software: Keep all software and systems up to date to patch vulnerabilities.
5. Detecting Phishing Attempts:
Use the following commands to monitor and detect phishing attempts on your network:
<h1>Monitor network traffic for suspicious activity</h1> sudo tcpdump -i eth0 -n -s 0 -w capture.pcap <h1>Analyze captured packets using Wireshark</h1> wireshark capture.pcap
6. Removing Phishing Pages:
If you detect a phishing page on your server, take immediate action to remove it:
<h1>Locate the phishing page</h1> sudo find /var/www/html -name "phishing_page.html" <h1>Remove the phishing page</h1> sudo rm -rf /var/www/html/phishing_page.html <h1>Restart Apache to apply changes</h1> sudo systemctl restart apache2
What Undercode Say:
Phishing attacks remain one of the most common and effective methods for cybercriminals to steal sensitive information. Tools like AdvPhishing highlight the importance of robust security measures, including regular system updates, user education, and the implementation of advanced security protocols. By understanding how these tools work, cybersecurity professionals can better defend against such attacks.
Expected Output:
- Successful setup of AdvPhishing tool.
- Captured credentials sent to the specified email.
- Detection and prevention of phishing attempts on your network.
- Removal of any unauthorized phishing pages from your server.
Related URLs:
References:
Reported By: Syed Muneeb – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
