Phishing is to easiest method to get anyone's social media password. We have learned many ways to do phishing in some previous tutorial like :-
But SocialFish version 3 makes the most easy way. Anyone can create phishing links by some clicks only. Social Fish version 3 have a web based user interface which is more user friendly. The previous version of SocialFish have only command line interface, but previous version is featured with Ngrok integration, for that in previous version we can use our attack over internet but in this version we can attack in our local network only (Don't worry we have a solution please read till end).
The previous version of SocialFish is grate but the latest update have a clean web interface that is very good for beginners.
Before installing SocialFish we need to have Python3 and pip3 installed in our Kali Linux system. New versions of Kali Linux comes with Python3. We prefer to read our tutorial about installing pyhton3 in Kali Linux.
We need to clone SocialFish from it's Github repository, to do that we apply following command in Terminal :
The following screenshot shows the output of the preceding command:
Then we will change our directory to SocialFish by using cd command:
We need to install requirements to run SocialFish in Kali Linux. To install requirements we use following command :
This command will install necessary tools to run SocialFish, this may take a little bit time depending on internet connection. The screenshot of the command is following:
Now we can crate a web interface that will help us to manage our phishing attacks, but we need to configure SocialFish by pick a username and password to login the web interface. We use following command to set a username and password:-
We can choose our username and password in above command.
Then SocialFish will finish it's settings and we should be able to access the web interface by navigating to the URL http://0.0.0.0:5000/neptune in our browser. The screenshot is following:
We can see the login page here we type our username and password that we just set up, and then we click on "Login" to access the SocialFish portal.
Inside the SocialFish web interface, we can see many features and important information.
At the top we can see the field where we can put website for clone, and the website link redirection, and the URL for our attack. For our demonstration we choose twitter.com/login as target and twitter.com will be the redirecting link. If they already logged in, our phishing attack will look like a normal successful login process. After entering both links we need to click the lightning bolt to active the link as shown in the following screenshot.
Now we will open a separate browser window and open the attack link that is http://0.0.0.0:5000
This Attack link will work for LAN devices. That means this link only work for same network devices. WE can forward it globally via SSH. To know more read our Easy port forwarding using SSH tutorial. We can use Social engineering technique to increase the chance of clicking by target. To know more about social engineering ideas read our Social Engineering tutorial.
SocialFish version 3 is very advanced and simple phishing toolkit. We can edit custom pages even we can include beef-framework browser exploitation attack with phishing page, and much more capabilities comes with SocialFish v3.
If any error comes running SocialFish then try command:
instead of sudo pip install -r requirements.txt then run the SocialFish.
SocialFish is developing a mobile based interface to run SocialFish on smartphones. That will make this tool more handy.
How much enjoyed SocialFish v3 tutorial? Please leave valuable comments below or if you have any questions?
This command will install necessary tools to run SocialFish, this may take a little bit time depending on internet connection. The screenshot of the command is following:
Now we can crate a web interface that will help us to manage our phishing attacks, but we need to configure SocialFish by pick a username and password to login the web interface. We use following command to set a username and password:-
We can choose our username and password in above command.
Then SocialFish will finish it's settings and we should be able to access the web interface by navigating to the URL http://0.0.0.0:5000/neptune in our browser. The screenshot is following:
We can see the login page here we type our username and password that we just set up, and then we click on "Login" to access the SocialFish portal.
Inside the SocialFish web interface, we can see many features and important information.
At the top we can see the field where we can put website for clone, and the website link redirection, and the URL for our attack. For our demonstration we choose twitter.com/login as target and twitter.com will be the redirecting link. If they already logged in, our phishing attack will look like a normal successful login process. After entering both links we need to click the lightning bolt to active the link as shown in the following screenshot.
Now we will open a separate browser window and open the attack link that is http://0.0.0.0:5000
This Attack link will work for LAN devices. That means this link only work for same network devices. WE can forward it globally via SSH. To know more read our Easy port forwarding using SSH tutorial. We can use Social engineering technique to increase the chance of clicking by target. To know more about social engineering ideas read our Social Engineering tutorial.
SocialFish version 3 is very advanced and simple phishing toolkit. We can edit custom pages even we can include beef-framework browser exploitation attack with phishing page, and much more capabilities comes with SocialFish v3.
If any error comes running SocialFish then try command:
instead of sudo pip install -r requirements.txt then run the SocialFish.
SocialFish is developing a mobile based interface to run SocialFish on smartphones. That will make this tool more handy.
How much enjoyed SocialFish v3 tutorial? Please leave valuable comments below or if you have any questions?