CamPhish -- Control Front Camera of Mobile and PC | Hack WebCam

CamPhish is a camera phishing toolkit inspired from saycheese, it is a upgraded version of saycheese. We can get camera clicks from victim's mobile's front cam or PC's webcam. We can use this on our Kali Linux and we also can use it on our Android mobile phone using Termux.

CamPhish have two automatic generated webpage templates for engaging target on that webpage so the attacker can get more camera snaps.

CamPhish -- Control Front Camera of Mobile and PC

CamPhish need some tools installed in our system, the tools are php openssh git wget. All these tools comes pre-installed with our Kali Linux system, so we start installation process by entering following command:

git clone https://github.com/techchipnet/CamPhish
It will be cloned on our current working directory, as we can see the process in the following screenshot:

camphish cloning from github

Then we need to to the CamPhish directory by using following command:

cd CamPhish
Then we give the permission to the shell script by running following command:

sudo chmod +x camphish.sh
After this we can run the tool by applying following command:

./camphish.sh
Then it will open it's menu as we can see in the following screenshot:

camphish

Here we need to select the port forwarding option we can choose between ngrok and Serveo.net as we know serveo server goes down sometimes so we choose ngrok.

Then it will prompt for choose phishing template as we can see in the following screenshot:

chooseing phishing templet

Here we got two options, option 1 is festival wishing and other is YouTube. We can choose whatever depending on our social engineering. For an example we choose option 2 for YouTube.

youtube watch id

Here the YouTube watch ID means then end id of a YouTube video URL. The screenshot is following:

what is youtube whatch id
YouTube watch Id is the highlighted text
We copy a YouTube video's watch ID as per our target's interest and paste it on CamPhish.

If ngrok is not installed in our system then this tool now download and install ngrok in our system. Then it  will configure the server and automatically give us a link. This is the link as we can see in the following screenshot.

ngrok link

Here we can see that we got the ngrok link (can be opened from anywhere via internet) and now we can send this to victim with some social engineering twists. Sending phishing links to target is an art, we have discussed it on this tutorial.

Now whenever target clicks on the link it will open YouTube video in target's browser and prompt for camera permission. Peoples usually don't read about the permissions and clicked "OK". BINGO! We got connected and we can get snaps from victim's webcam/Frontcam. 


Here we can see that target got connected with our CamPhish server and we are getting camera shots. Those received images files will be saved in CamPhish directory. That is how we can take control of front cameras.

This tutorial is for educational purpose and Proof of Concept only. Hack Webcam and Phishing is a crime. If anyone do any illegal activity then we are not responsible for that.
CamPhish -- Control Front Camera of Mobile and PC | Hack WebCam CamPhish -- Control Front Camera of Mobile and PC | Hack WebCam Reviewed by Kali Linux on April 19, 2020 Rating: 5

17 comments:

  1. no direct links after entering watch id

    ReplyDelete
    Replies
    1. Feeling sad that it doesn't work for you. What port forwarding options you have selected?

      Delete
  2. where can i find received cam file ?

    ReplyDelete
    Replies
    1. The received images files will stored in CamPhish directory.

      Delete
  3. It's sad that the user will asked for a authorization. Regardless thank you!

    ReplyDelete
    Replies
    1. Thanks for reading it carefully. It is asked by the user's system security. One think we can do that trick the user to click on the "allow" button.

      Delete
  4. How we open camphish directory?

    ReplyDelete
    Replies
    1. We have run our script in CamPhish directory that means its our current working directory. Otherwise you can reach it by opening a new terminal and type
      cd CamPhish

      Delete
  5. the pictures for me are black... HELP please

    ReplyDelete
  6. Asks username and password for github.

    ReplyDelete
    Replies
    1. It looks that you have misstyped the GitHub URL in git clone command... Please check it and type again.

      Delete
  7. only from the devices in same network can be obtained , right ??

    ReplyDelete
    Replies
    1. Nope. It comes with ngrok that will help us to grab snaps of anyone on the internet. Please read the article carefully till end.

      Delete
  8. it can capture many images or just 1?

    ReplyDelete
    Replies
    1. it captures images contentiously when target whatching our link.

      Delete
  9. root@kali:/home/kali# git clone https://github.com/techchipnet/CamPhish
    Cloning into 'CamPhish'...
    fatal: unable to access 'https://github.com/techchipnet/CamPhish/': Couldn't connect to server
    it says like this

    ReplyDelete
    Replies
    1. make sure that you have a working internet connection.

      Delete

Please do not spam here. It is comment box not a spambox. Promotional links are not allowed.

Powered by Blogger.