CamPhish -- Control Front Camera of Mobile and PC | Hack WebCam

CamPhish is a camera phishing toolkit inspired from saycheese, it is a upgraded version of saycheese. We can get camera clicks from victim's mobile's front cam or PC's webcam. We can use this on our Kali Linux and we also can use it on our Android mobile phone using Termux.

CamPhish have two automatic generated webpage templates for engaging target on that webpage so the attacker can get more camera snaps.

CamPhish -- Control Front Camera of Mobile and PC

CamPhish need some tools installed in our system, the tools are php openssh git wget. All these tools comes pre-installed with our Kali Linux system, so we start installation process by entering following command:

git clone https://github.com/techchipnet/CamPhish
It will be cloned on our current working directory, as we can see the process in the following screenshot:

camphish cloning from github

Then we need to to the CamPhish directory by using following command:

cd CamPhish
Then we give the permission to the shell script by running following command:

sudo chmod +x camphish.sh
After this we can run the tool by applying following command:

./camphish.sh
Then it will open it's menu as we can see in the following screenshot:

camphish

Here we need to select the port forwarding option we can choose between ngrok and Serveo.net as we know serveo server goes down sometimes so we choose ngrok.

Then it will prompt for choose phishing template as we can see in the following screenshot:

chooseing phishing templet

Here we got two options, option 1 is festival wishing and other is YouTube. We can choose whatever depending on our social engineering. For an example we choose option 2 for YouTube.

youtube watch id

Here the YouTube watch ID means then end id of a YouTube video URL. The screenshot is following:

what is youtube whatch id
YouTube watch Id is the highlighted text
We copy a YouTube video's watch ID as per our target's interest and paste it on CamPhish.

If ngrok is not installed in our system then this tool now download and install ngrok in our system. Then it  will configure the server and automatically give us a link. This is the link as we can see in the following screenshot.

ngrok link

Here we can see that we got the ngrok link (can be opened from anywhere via internet) and now we can send this to victim with some social engineering twists. Sending phishing links to target is an art, we have discussed it on this tutorial.

Sometimes if the server's are down then we can't see the direct link it will be a blank space then we can see that it is running on our localhost:3333. Then we can use other port forwarding services to make it live on internet. For a reference we suggest you to read our this tutorial.
 
To hide the link as a pro we need to learn how to hide a phishing link.

Now whenever target clicks on the link it will open YouTube video in target's browser and prompt for camera permission. Peoples usually don't read about the permissions and clicked "OK". BINGO! We got connected and we can get snaps from victim's webcam/Frontcam. 


Here we can see that target got connected with our CamPhish server and we are getting camera shots. Those received images files will be saved in CamPhish directory. That is how we can take control of front cameras.

This tutorial is for educational purpose and Proof of Concept only. Hack Webcam and Phishing is a crime. If anyone do any illegal activity then we are not responsible for that.
author-img
Kali Linux

Comments

67 comments
Post a Comment
  • Unknown photo
    UnknownApril 23, 2020 at 7:49 AM

    no direct links after entering watch id

    Delete Comment
  • Unknown photo
    UnknownApril 24, 2020 at 10:32 AM

    where can i find received cam file ?

    Delete Comment
  • AnonymousApril 27, 2020 at 1:01 AM

    It's sad that the user will asked for a authorization. Regardless thank you!

    Delete Comment
    • Kali Linux photo
      Kali LinuxApril 27, 2020 at 6:46 AM

      Thanks for reading it carefully. It is asked by the user's system security. One think we can do that trick the user to click on the "allow" button.

      Delete Comment
    • All In One photo
      All In OneApril 28, 2020 at 8:26 PM

      How we open camphish directory?

      Delete Comment
      • Kali Linux photo
        Kali LinuxApril 28, 2020 at 9:22 PM

        We have run our script in CamPhish directory that means its our current working directory. Otherwise you can reach it by opening a new terminal and type
        cd CamPhish

        Delete Comment
        • Unknown photo
          UnknownAugust 24, 2020 at 9:37 PM

          Open your hotspots to see the link

          Delete Comment
        • Aloiid photo
          AloiidMay 2, 2020 at 11:53 PM

          the pictures for me are black... HELP please

          Delete Comment
          • AnonymousJune 10, 2020 at 12:11 AM

            provavelmente negaram a solicitação da camera

            Delete Comment
          • Salvatore_19 photo
            Salvatore_19May 5, 2020 at 7:47 AM

            Asks username and password for github.

            Delete Comment
            • Kali Linux photo
              Kali LinuxMay 5, 2020 at 9:03 AM

              It looks that you have misstyped the GitHub URL in git clone command... Please check it and type again.

              Delete Comment
            • Sunder Muthukumaran photo
              Sunder MuthukumaranMay 6, 2020 at 9:14 PM

              only from the devices in same network can be obtained , right ??

              Delete Comment
              • Kali Linux photo
                Kali LinuxMay 7, 2020 at 8:11 AM

                Nope. It comes with ngrok that will help us to grab snaps of anyone on the internet. Please read the article carefully till end.

                Delete Comment
              • Unknown photo
                UnknownMay 25, 2020 at 8:35 PM

                it can capture many images or just 1?

                Delete Comment
              • Unknown photo
                UnknownMay 25, 2020 at 8:54 PM

                root@kali:/home/kali# git clone https://github.com/techchipnet/CamPhish
                Cloning into 'CamPhish'...
                fatal: unable to access 'https://github.com/techchipnet/CamPhish/': Couldn't connect to server
                it says like this

                Delete Comment
              • AnonymousMay 26, 2020 at 3:03 PM

                Hi, Awesome tutorial.. thank you bro.. just 1 question, is there any way to change text in permission popup... "*.ngrok. is asking for permission for camera" can we change text here.. or is there any to way to block youtube video from playing if he rejects camera permission... Thank you....!!

                Delete Comment
                • Kali Linux photo
                  Kali LinuxMay 26, 2020 at 10:44 PM

                  The permission popup is prompt by victim's browser, we can't bypass it. Because it didn't depend on our tool. In the case of YouTube video we will ask the tool maker if he can do something.

                  Delete Comment
                • matrixman photo
                  matrixmanJune 15, 2020 at 10:48 PM

                  tunnel .io is not found
                  what should i do ?
                  i did not receive any files

                  Delete Comment
                • AnonymousJune 28, 2020 at 9:38 PM

                  ngrok server started for the first time but now it's not responding. like i am not getting anything displayed after "starting ngrok server"

                  Delete Comment
                  • Kali Linux photo
                    Kali LinuxJune 29, 2020 at 10:35 AM

                    It looks like the problem is coming from ngrok server. Wait some hour or a day then try again. Thank you.

                    Delete Comment
                  • Parthipan photo
                    ParthipanJuly 2, 2020 at 11:01 AM

                    I received ip Id but cannot received cam file

                    Delete Comment
                  • Unknown photo
                    UnknownJuly 7, 2020 at 4:27 PM

                    i dint get direct link but it is showing waiting targets
                    how do i get the link

                    Delete Comment
                    • AnonymousJuly 23, 2020 at 10:45 PM

                      how can i find call details of number by using kali linux tool

                      Delete Comment
                      • Kali Linux photo
                        Kali LinuxJuly 24, 2020 at 5:05 AM

                        In that case you need to use the HaxRat or L3MON tool. We have featured them in our articles. Try them.

                        Delete Comment
                      • Unknown photo
                        UnknownJuly 24, 2020 at 1:58 PM

                        If we want the pictures of victim again! Then again we need to make him to click on that link?

                        And what if our machine is offline when victim is watching that link? Will the images come to my machine after I come online?

                        Delete Comment
                        • Kali Linux photo
                          Kali LinuxJuly 24, 2020 at 2:31 PM

                          Answer of the 1st question is 'YES'. You need to send the link again.

                          If your machine is offline and online again then our will not receive the pictures because the connection will broke. You need to be online constantly while attacking.

                          Delete Comment
                        • AnonymousAugust 11, 2020 at 12:00 PM

                          after i done everything it shows cannot read real time clock invalid argument

                          Delete Comment
                          • Kali Linux photo
                            Kali LinuxAugust 11, 2020 at 6:46 PM

                            Are you using WSL (Windows Subsystem for Linux) to run Kali ? This problem is comes from there. Check the solution here.

                            Delete Comment
                          • Musharaf parwej photo
                            Musharaf parwejAugust 19, 2020 at 1:44 PM

                            Does it work for wsl......as i am not getting the link....it is blank

                            Delete Comment
                            • Kali Linux photo
                              Kali LinuxAugust 19, 2020 at 10:55 PM

                              Which method of port forwarding you have tried serveo or ngrok? Serveo server seems to be down. These kind of free services faces these problems. It happens with them sometimes. You should wait for their server come back online. Or host these pages on localhost and try portmap. Both these tutorial is available on our website.

                              Delete Comment
                            • Unknown photo
                              UnknownAugust 20, 2020 at 11:57 PM

                              im able to send link and works perfectly with laptop cams. but i tried cellphone and not asking for the camera permission. any help?

                              Delete Comment
                              • Kali Linux photo
                                Kali LinuxAugust 21, 2020 at 3:45 AM

                                Did you tried on another mobile devices. Because we don't got this kind of issues.

                                Delete Comment
                              • Unknown photo
                                UnknownAugust 21, 2020 at 1:38 PM

                                i found image but blank image

                                Delete Comment
                              • Lokendra beniwal photo
                                Lokendra beniwalSeptember 1, 2020 at 12:01 AM

                                I didn't get the link even after starting the hotspot (in pc ) plss help

                                Delete Comment
                                • Kali Linux photo
                                  Kali LinuxSeptember 1, 2020 at 5:49 AM

                                  Turning on the hotspot is for mobile not for PC. I think the serveo server is down. That's why the link is not generating.

                                  Delete Comment
                                • AnonymousSeptember 5, 2020 at 9:18 PM

                                  the cam file is not been received on Kali

                                  Delete Comment
                                • AnonymousSeptember 18, 2020 at 8:20 AM

                                  Hey, it works flawlessly on PC but on mobile, it doesn't work on newer OS

                                  Delete Comment
                                  • Kali Linux photo
                                    Kali LinuxSeptember 18, 2020 at 1:23 PM

                                    The author told me to turn on mobiles wifi hotspot to use it with Termux.

                                    Delete Comment
                                  • AnonymousSeptember 18, 2020 at 5:54 PM

                                    I mean it doesn't capture anything on some phones, sorry for not being specific:)). Does it have something to do with phones security?

                                    Delete Comment
                                    • Rajpoot photo
                                      RajpootOctober 1, 2020 at 10:04 AM

                                      how to open directory

                                      Delete Comment
                                      • popeye photo
                                        popeyeOctober 2, 2020 at 4:28 PM

                                        all are blank images bro ive opened link in my mobile and i received all black images nothing is visible except black screen

                                        Delete Comment
                                        • Kali Linux photo
                                          Kali LinuxOctober 2, 2020 at 7:05 PM

                                          This tool requires up-gradation but the developer didn't looking on it. Let we talk with the developer.

                                          Delete Comment
                                        • Boom Boom photo
                                          Boom BoomOctober 5, 2020 at 7:12 AM

                                          Thnks for the help. I recorded my self through the link and trying to find the recorded video or image but i am not able to find the campphish directory. would you like to tell me where to access the recorded video or photos of camphish on comuter

                                          Delete Comment
                                          • Kali Linux photo
                                            Kali LinuxOctober 5, 2020 at 7:41 AM

                                            Here we showed this

                                            Delete Comment
                                            • AnonymousOctober 14, 2020 at 11:05 AM

                                              Great tutorial. Since you're actually helping people with issues, I have one.
                                              It works fine on a computer. However, the link crashes when I try and open it on Android. The site straight up refuses to open.

                                              Delete Comment
                                              • AnonymousOctober 14, 2020 at 4:38 PM

                                                I'm using Android 10, by the way...

                                                Delete Comment
                                                • Kali Linux photo
                                                  Kali LinuxOctober 14, 2020 at 4:58 PM

                                                  Actually we are specially focused on Kali Linux. Not used Android for a while. But if possible can you provide some screenshot when site refuses to open it? Then might be we can help you. Thanks

                                                  Delete Comment
                                                • Unknown photo
                                                  UnknownNovember 8, 2020 at 11:01 AM

                                                  How to delete the pictures capturred by Camphish i couldnt delete it

                                                  Delete Comment
                                                  • Kali Linux photo
                                                    Kali LinuxNovember 8, 2020 at 4:42 PM

                                                    try to delete them from terminal using sudo. But be careful abusing sudo command can delete your whole Operating System files.

                                                    Delete Comment
                                                  • AnonymousDecember 5, 2020 at 6:49 PM

                                                    pictures received from victim's laptop are good but from mobile phone, they are black

                                                    Delete Comment
                                                    • Kali Linux photo
                                                      Kali LinuxDecember 6, 2020 at 9:25 AM

                                                      Many people facing this issue. We are trying to contact the original developer (thelinuxchoice) but he is not responding and he deleted his original GitHub repository. He just told us that he left cybersecurity.

                                                      Delete Comment
                                                    • Unknown photo
                                                      UnknownJanuary 10, 2021 at 5:13 AM

                                                      no link there,is that a bug?

                                                      Delete Comment
                                                    google-playkhamsatmostaqltradent