How to Hide a Phishing Link

Nowadays many people are alert enough not to fall for plain phishing, because the link does not look like the original website. For example, a phishing link may look like https://ngrok.io/xxabcd while it opens a page that imitates the Gmail login. People spot the trap, and a user with even minimal technical knowledge will not enter credentials (username and password). So it becomes tough to phish anyone.

Then what to do? The answer is social engineering. An attacker needs to be skilled in social engineering. What is social engineering? In short, social engineering is "bugs in human hardware": the attacker plays with the victim's mind and tricks it.

Hiding phishing links inside normal-looking, trustworthy links is a big part of social engineering. With this method the attacker wins the victim's trust, and the victim treats the phishing link as a normal link, because the well-known domain shown at the front (Google, YouTube, New York Times, etc.) is considered clean.

To make things easier we're going to use a tool that makes a phishing link look like a normal web link such as Google or YouTube.

It is a small and simple tool written in bash, named "MaskPhish". This tool is made by us and is available exclusively on our GitHub repository. We can clone it from our GitHub repository with the following command:
git clone https://github.com/jaykali/maskphish
After this command the tool is downloaded to our system, as shown in the following screenshot:
[Screenshot: cloning MaskPhish from GitHub]
Now we just need to navigate into the maskphish directory with the cd command:
cd maskphish
We can run it with the following command:
bash maskphish.sh
Then MaskPhish opens its main menu in front of us, just like the screenshot:
[Screenshot: MaskPhish main menu]
Now we need to paste our phishing URL here, whatever it is (with http:// or https://).
[Screenshot: entering the phishing URL]
Then we need to enter a trusted URL, anything that can fool the victim, like https://google.com or https://youtube.com or http://anything.com, as we did in the following screenshot:
[Screenshot: entering the trusted domain]
Here we need to use some social engineering words separated by "-". For example, if the victim is a football fan then we can use something like best-football-skills. Mind that we don't use any spaces here.

Then we just press Enter and we get our MaskPhish link. Our URL starts with facebook.com and does not have ngrok in it directly.
[Screenshot: the masked phishing link]
Let's open this trusted-looking URL (which also contains the juicy words for the target) in our browser and see whether we reach our destination, ngrok (the example phishing URL).

Oh crap, we got a "Warning!".
[Screenshot: browser warning]
The warning comes from the browser's security functions. Every method has its own limitations. But mobile browsers did not show this warning; there it works like magic.

Anyway, after clicking "Yes" we reached our phishing website.
[Screenshot: redirected to the phishing page. This is an example phishing link, for educational purposes.]

It is a fact that attackers can gain a victim's trust with this kind of URL, and many people don't read the warnings and just click "Yes".

When our target is on an Android mobile, the warning will not appear.

In our opinion this is really effective for social engineering attacks. Using it, the attacker's success rate will increase, and the attacker earns the victim's trust by showing off the URL.

There are some other ways to hide a phishing URL. Suppose the attacker is sending phishing links via email; there is already a classic way to hide a URL. For this example we assume our website URL kalilinux.in is the destination. Now the example:

Log in on: https://www.facebook.com/

Cool, now try to go to Facebook using the link above!

This is easy, just HTML. Got the trick 😎? Describe it in the comment section.

Another technique is Google search's redirect method.
This is also super easy: the attacker can redirect to any URL through Google search as follows:

https://www[dot]google[dot]com/url?q=https://www.phishingurl.link

Replace the [dot]s with . and try it in a browser.

These are the clever ways used by attackers in phishing attacks. But there are more methods (like homograph) to mask a phishing URL on the Internet. To be safe from these we should not click on any third-party link even if it looks trusted.
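
The three masking tricks on this page (decoy text before an "@", anchor text that differs from the href, and the Google /url?q= redirect) can be flagged mechanically when filtering mail or web traffic. The following Python check is an added example, not part of the original article or of MaskPhish; the function names are hypothetical, and short.example and the sample mail body are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Redirect endpoints to unwrap: (host, path) -> query parameter holding the target.
# Only the Google one is named on the page; extend the table for your own mail flow.
REDIRECTORS = {("www.google.com", "/url"): "q", ("google.com", "/url"): "q"}


def real_host(url):
    """Host the browser connects to: everything before an '@' is only a username."""
    return (urlsplit(url).hostname or "").lower()


def check_url(url):
    """Return findings for one URL (userinfo mask, known redirector)."""
    findings = []
    parts = urlsplit(url)
    host = real_host(url)
    if "@" in parts.netloc:
        decoy = parts.netloc.rsplit("@", 1)[0]
        findings.append(f"userinfo-mask: '{decoy}' is a username, real host is {host}")
    param = REDIRECTORS.get((host, parts.path))
    if param:
        for target in parse_qs(parts.query).get(param, []):
            findings.append(f"redirector: {host} forwards to {real_host(target)}")
            findings += check_url(target)  # the target may itself be masked
    return findings


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_html(html):
    """Return [(href, findings)] for links in an HTML mail body that look masked."""
    collector = AnchorCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        findings = check_url(href)
        # Visible text that is itself a URL must point at the same host as the href.
        if text.lower().startswith(("http://", "https://")):
            shown, actual = real_host(text), real_host(href)
            if shown != actual:
                findings.append(f"text-mismatch: shows {shown}, opens {actual}")
        if findings:
            report.append((href, findings))
    return report


# Constructed sample mail body. short.example is a placeholder host; the other
# hosts are the examples used on this page.
SAMPLE_EMAIL = """
<p>Log in on: <a href="https://www.kalilinux.in">https://www.facebook.com/</a></p>
<p><a href="https://facebook.com-free-money@short.example/abc">Free money</a></p>
<p><a href="https://www.google.com/url?q=https://www.phishingurl.link">Result</a></p>
<p><a href="https://www.facebook.com/">https://www.facebook.com/</a></p>
"""

if __name__ == "__main__":
    for href, findings in audit_html(SAMPLE_EMAIL):
        print(href)
        for finding in findings:
            print("   ", finding)
```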

This tutorial is for educational and research purposes only. Hacking or Phishing is a serious crime. If anyone does any illegal activity then we are not responsible for that.

Kali Linux

Comments

64 comments
  • Amit, July 16, 2020 at 10:08 AM

    hey the tool is awesome but it does not work with ngrok link it shows error I have used in camphish tool link please reply

    • Kali Linux, July 16, 2020 at 11:55 AM

      Yes, it is not working with ngrok links... We are looking into it. If there is an update we will reply here. Thanks for noticing this issue. We filed this issue with the developer on GitHub. Check it.

    • Unknown, July 17, 2020 at 9:32 AM

      How You Merge & Hide That Kalilinux.in into Facebook Link?
      Please Tell!

      • Kali Linux, July 17, 2020 at 11:04 AM

        Ohh

        This is very simple: the "https://www.facebook[dot]com" is not a link, it is an anchor text in this hyperlink. The link is www.kalilinux[dot]in.

        For an example
        a href="https://www.kalilinux.in">https://www.facebook.com</a{check the tags}

        Basic HTML used to trick a mind. Isn't it cool?

        • Unknown, July 17, 2020 at 2:35 PM

          Thanks For Information

        • Anonymous, July 18, 2020 at 3:40 PM

          virus@localhost:~$ sudo pip3 install pyshorteners
          [sudo] password for virus:
          WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
          Collecting pyshorteners
          WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pyshorteners/
          WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pyshorteners/
          WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pyshorteners/
          WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pyshorteners/
          WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pyshorteners/
          Could not fetch URL https://pypi.org/simple/pyshorteners/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pyshorteners/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
          ERROR: Could not find a version that satisfies the requirement pyshorteners (from versions: none)
          ERROR: No matching distribution found for pyshorteners
          WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
          Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
          help sir pls

          • Kali Linux, July 18, 2020 at 5:53 PM

            I think you forgot to use this command
            sudo pip3 install pyshorteners

            • Anonymous, July 23, 2020 at 6:38 PM

              I did you can see in previous comment, this what error I m getting.

              • Kali Linux, July 23, 2020 at 9:25 PM

                This error is coming from pip, you can try searching the error message on Google.

              • Anonymous, July 26, 2020 at 7:36 PM

                A nice tool that I have gotten working myself. The error message and how pronounced it is does depend on the browser in use. So results may vary.

              • Anonymous, August 6, 2020 at 2:28 PM

                Tunnel .ngrok.io not found

                • Kali Linux, August 6, 2020 at 6:25 PM

                  The problem might come from the ngrok server. You should check if it is working perfectly.

                • Anonymous, August 11, 2020 at 3:52 PM

                  you are a simple copy of @perez_mascato, use URLCADIZ V.2

                  • Kali Linux, August 11, 2020 at 5:46 PM

                    You might be right but we are a better copy than him. He wrote this tool in Python, which requires pyshorteners to run, but our tool is better than URLCADIZ V2. Yes, that tool inspired us, but we wrote it in simple bash. So we think copy is not the right word.

                  • uesr, September 17, 2020 at 1:35 AM

                    /maskphish.sh: 4: Bad substitution

                  • Anonymous, September 19, 2020 at 8:44 AM

                    I use it with setoolkit but it seems it doesn't gather data, idk why

                    • Kali Linux, September 19, 2020 at 10:40 AM

                      You should try our weeman tutorial with localhost.run services

                      • Anonymous, September 20, 2020 at 10:28 AM

                        Thank you for the response, I'm just stupid and new, I didn't realize I ran ngrok on http and used maskphish with https, that's why it doesn't gather anything. It's all good now. I'm sorry.

                      • -Avcm15-, November 2, 2020 at 11:14 PM

                        Was working great on ngrok but not now

                      • Unknown, December 15, 2020 at 9:10 PM

                        Wish to have an update soon. Ngrok links don't work with it now as you mentioned in the above comment

                      • Anonymous, December 23, 2020 at 7:14 AM

                        Hello I used a zphisher link and I did every step correctly, but when I want to get the final link this error appears in the terminal:

                        Here is the MaskPhish URL: https://Youtube.org-free-robux@Error: Please enter a valid URL to shorten

                        • Kali Linux, December 23, 2020 at 8:46 AM

                          The older version of MaskPhish is not working. We have recently updated MaskPhish to v2.0. Please try that one.

                        • Anonymous, January 2, 2021 at 6:15 PM

                          I pasted my phishing link but it keeps saying "./maskphish.sh: 4: Bad substitution". I installed it properly and it ran properly. I just got stopped out when typing my phishing link because of the error message. What could I do at this point?

                        • Anonymous, January 2, 2021 at 6:27 PM

                          A link has been generated and the steps were completed. But when I paste the link to my browser, it doesn't show my link. It just gets redirected to google search with my website on the search bar. Is there something wrong with the program right now?

                        • Anonymous, January 15, 2021 at 10:51 PM

                          It is working for me

                        • Anonymous, February 4, 2021 at 1:52 AM

                          Hi
                          I am trying to learn social engineering for education needs. However I am running into few problems with the hide URL.
                          I am using socialFish v 3 to create my phishing url. It work fine when I use the Maskphish to hide the url.
                          However I am not getting the login informations.

                          I hope Y can help me.

                          Drake

                          • Kali Linux, February 4, 2021 at 8:55 AM

                            It can't be a problem with maskphish, because maskphish just redirects the URL and makes it look like a normal URL. Make sure that you are getting login information from the SocialFish URL. Thanks.

                            • Anonymous, February 4, 2021 at 3:48 PM

                              Hi
                              I controlled the url from social fish is working, it did and I got the information. However if I try with the link Maskphish is giving me, It takes long time to response and afterwards i am guided to the original site and messaged, it were a wrong password.
                              I am not getting the login information, when the url from using maskphish. Can Maskphish only work with Ngrok?

                              Drake

                              • Kali Linux, February 4, 2021 at 5:39 PM

                                Hi Drake,
                                I understand your problem. But MaskPhish doesn't send the target to another URL. It sends the user to your URL using a shortener. You can manage this like this: www.google.com-my-fake-keyword@www.phishinglink.com

                                The browser will send the target to www.phishinglink.com. The browser reads the URL after the @. This is the working principle of Maskphish. Maskphish also converts www.phishinglink.com into a shortened link. Just simple.

                                Hope you will understand. Maskphish just gives the link a mask, it doesn't change the URL you provided.

                                Thanks.

                              • Anonymous, February 26, 2021 at 8:45 PM

                                Bro! Where can i find my victims?

                                • Kali Linux, February 27, 2021 at 11:23 AM

                                  You don't need to find a victim, because hacking social media accounts is a crime. You just need to learn these things so that you can be aware and keep your account safe. That's all.

                                • Anonymous, May 2, 2021 at 1:10 PM

                                  plz make a full detail article of how to make that fake facebook link which u made above...like i am not getting how to do it from what u write in comments

                                  • Kali Linux, May 3, 2021 at 11:24 AM

                                    We have used our Maskphish tool to hide the phishing link. Which Facebook link are you talking about?

                                    • Anonymous, May 3, 2021 at 1:15 PM

                                      in your maskphish article you have used a html trick looking like facebook but opening this site i need detailed explanation of how to do that?

                                      • Kali Linux, May 4, 2021 at 5:23 PM

                                        That is very simple. You just need to use basic html on mail. Like this picture. See that picture the code was there.

                                        • Anonymous, May 4, 2021 at 7:19 PM

                                          where to write this code in html file of website or directly send to user?I AM NOOB :)

                                          • Anonymous, May 4, 2021 at 7:26 PM

                                            i did it thanks for the image of the code :)

                                            • Kali Linux, May 5, 2021 at 7:15 PM

                                              Emails can be written in HTML format. I should not talk more than that. You seem intelligent, you should get this.

                                            • Unknown, May 12, 2021 at 8:37 AM

                                              Hey author
                                              When I tried to paste the ngrok url and generate the phishing url, it showed that the url you entered is in our internal black list. How am I supposed to test it then?

                                              • Kali Linux, May 12, 2021 at 9:30 AM

                                                It seems you are using an older version of MaskPhish. Please delete it and download it from GitHub. New MaskPhish is updated.

                                              • Harithah, June 3, 2021 at 2:33 PM

                                                What to do after sending the url to victims phone .
                                                How to phish after sending

                                                • Anonymous, June 11, 2021 at 7:09 PM

                                                  where can i find maskphish ver 2.0?

                                                • Anonymous, June 11, 2021 at 7:16 PM

                                                  why i can't see the credentials when i open the link using maskphish?

                                                  • Kali Linux, June 12, 2021 at 6:00 AM

                                                    It seems this comes from your ssh tunneling problem. Maskphish doesn't change the URL. It just shortens it.

                                                  • vi, June 15, 2021 at 11:19 AM

                                                    it n never Run when type GHOST after all

                                                  • paperchaser, June 29, 2021 at 6:15 PM

                                                    awesome. you are amazing. can you drop a tutorial on best mailers that guarantee your mails get to inbox?

                                                    • Unknown, July 5, 2021 at 11:16 AM

                                                      Hey kali
                                                      i was wondering if its possible to change the main phishing link while using the same masking link?

                                                      • Kali Linux, July 5, 2021 at 6:04 PM

                                                        We don't think it is possible, because we use a URL shortener on your provided URL. You need to provide your new URL, and the masking URL will change.

                                                      • Unknown, August 2, 2021 at 2:05 PM

                                                        bash maskphish.sh

                                                        ######┌──────────────────────────┐#####
                                                        ######│▙▗▌ ▌ ▛▀▖▌ ▗ ▌ │#####
                                                        ######│▌▘▌▝▀▖▞▀▘▌▗▘▙▄▘▛▀▖▄ ▞▀▘▛▀▖│#####
                                                        ######│▌ ▌▞▀▌▝▀▖▛▚ ▌ ▌ ▌▐ ▝▀▖▌ ▌│#####
                                                        ######│▘ ▘▝▀▘▀▀ ▘ ▘▘ ▘ ▘▀▘▀▀ ▘ ▘│#####
                                                        ######└──────────────────────────┘#####

                                                        Please Visit https://www.kalilinux.in
                                                        Copyright JayKali


                                                        ### Phishing URL ###

                                                        Paste Phishing URL here (with http or https): http://127.0.0.1:1025
                                                        Processing and Modifing Phishing URL


                                                        ### Masking Domain ###
                                                        Domain to mask the Phishing URL (with http or https), ex: https://google.com, http
                                                        ://anything.org) :
                                                        => https://instagram.com

                                                        Type social engineering words:(like free-money, best-pubg-tricks)
                                                        Don't use space just use '-' between social engineering words
                                                        => codm-gameplays

                                                        Generating MaskPhish Link...

                                                        Here is the MaskPhish URL: https://instagram.com-codm-gameplays@Error: Please enter a valid URL to shorten

                                                        • Unknown, August 2, 2021 at 2:05 PM

                                                          PLEASE SOMEONE HELP ME

                                                          • Kali Linux, August 2, 2021 at 6:46 PM

                                                            Your URL is running on localhost. You need to use tunneling services like portmap or ngrok, then put in the link they provide. Actually your page is not on the web. It's just running on your system. This article of ours might help you.

                                                          • Anonymous, August 12, 2021 at 2:36 PM

                                                            Bro,when i paste the generated maskphish 2.0 link ,it shows a google search page of the url i pasted...nothing else

                                                            • Anonymous, August 12, 2021 at 3:12 PM

                                                              ######┌──────────────────────────┐#####
                                                              ######│▙▗▌ ▌ ▛▀▖▌ ▗ ▌ │#####
                                                              ######│▌▘▌▝▀▖▞▀▘▌▗▘▙▄▘▛▀▖▄ ▞▀▘▛▀▖│#####
                                                              ######│▌ ▌▞▀▌▝▀▖▛▚ ▌ ▌ ▌▐ ▝▀▖▌ ▌│#####
                                                              ######│▘ ▘▝▀▘▀▀ ▘ ▘▘ ▘ ▘▀▘▀▀ ▘ ▘│#####
                                                              ######└──────────────────────────┘#####

                                                              Please Visit https://www.kalilinux.in
                                                              Copyright JayKali


                                                              ### Phishing URL ###

                                                              Paste Phishing URL here (with http or https): http://c386fbe52a1e.ngrok.io
                                                              Processing and Modifing Phishing URL


                                                              ### Masking Domain ###
                                                              Domain to mask the Phishing URL (with http or https), ex: https://google.com, http
                                                              ://anything.org) :
                                                              => https://facebook.com

                                                              Type social engineering words:(like free-money, best-pubg-tricks)
                                                              Don't use space just use '-' between social engineering words
                                                              => free-money

                                                              Generating MaskPhish Link...

                                                              Here is the MaskPhish URL: https://facebook.com-free-money@






                                                              When I post the generated link, it shows a Google search result of the keywords in it.
                                                              Also, I am using Maskphish 2.0

                                                              • Kali Linux, August 12, 2021 at 7:32 PM

                                                                Your Internet service provider is blocking our services. Please use a VPN to get the result. Thanks.
