Get Passwords | Facebook, Twitter, Instagram & More | Kali Linux


Hey everyone! Today I am going to demonstrate a tool
that is created by DarkSecDevelopers and that tool is Hidden Eye
which allows creating a fishing page on your System and allows you to make this page online
with five different servers. Maybe they will add new servers in the future. And this supports most of the Linux Operating systems
including Android there you can use Termux or userland app. To use this tool you need to install a few required tools. You can find instructions to run this script
in your Linux PC in the instruction file. Anyway, I am providing instruction
in the pinned comment to run the Hidden Eye tool without any error. Firstly – you do things step by step. You should pause the video
and follow these commands. Otherwise, execute this command line. I have 64-Bit Kali Linux Operating System Installed
so I execute this command. Check the pinned comment for further information You should check your System Architecture
before executing that command line. Use “uname -a” command to find out information
about your system. As you can see, I am running 64 Bit OS. If you don’t want to involve in 32 and 64-bit thingy
you should execute the command that is showing on the screen, and I already have put
this command line in the pinned comment. So, execute the command and wait for it to complete. As you can see, I have installed the required tools
to run Hidden Eye and have download this script/tool. Now you need to do is – run “HiddenEye” python
script with python3. Simply execute “python3 HiddenEye.py”
and then press enter. After running the Hidden Eye tool
first it looks for internet connection then it installs server tools that help
to make fishing pages online. If you like to install Local Tunnel package in your PC
then install it otherwise, you can make your work with Ngrok, Serveo,
and Local xpose. But, I am going to install it. If Local Tunnel didn’t install
then press the ‘Enter’ Key and try again to install it. Now we are ready to go. First, you need to agree to terms that you are using this tool only
for education purposes. So press ‘Y’ key
then press the “Enter” key. As you can see, there is the most popular sites available to create a fake login page like social media, email, music, and video
– movie streaming sites. You can easily create a phishing page for facebook,
google, twitter, Instagram, snapchat, and you can pick any of these. But – in this tutorial, I will try facebook. So, I will select facebook by using the first option. Now, you can see, there are four more options
available to facebook. You can create a standard facebook page,
a poll page, a fake security page or a phishing messenger mode. It depends on you
what condition suits best in the time. But in this case, I go forward
with the standard facebook fake page so I choose the first option. We only need username and password so I don’t think putting a keylogger
in the page is a good idea. So, don’t keep it. Simply press ‘N’
then press “Enter” key. And I never saw Cloudfare protection on facebook,
so I am leaving it too. If you want captured data to be emailed
then you should create a config file. Or you can leave it if you do not want it. Now set a URL of a site to redirects users
after entering his or her credentials and that URL could be the same
that’s phishing page you are creating. I picked Facebook
and I will set “facebook.com” Now pick a valid port number
to host a site using a server. and I am picking a 9333 port. Ngrok is awesome, serveo is not working at this time
but that was awesome too. But I will use local expose in this tutorial but you can use any of these. Localxpose allows you to create a custom domain
and subdomains if you buy it but the random domain works very well. I haven’t bought it so I am going to create
a random URL using the second option. As you can see I got a domain
and that page is online at the link. So, let’s check it. First, copy this link
and open it in the browser. As you can see, this page looks like a real
facebook page the only different thing is the URL of this page. So let’s see if I enter username and password on this page
Can hackers get these? As you can see after entering email
and password on the web page it redirected to real facebook page. And the user thinks there is something went wrong
// just nothing. But the other side who is doing this to gets the username and password
that user entered on that page including the user location,
which ISP is user using? So, you couldn’t provide your social media
& other types of accounts username and password on these types of pages until you find out
– the page you are using is real. But, most time you get these links
in the shortened format there you can’t easily find out by looking at it. Bitly is my favorite site to makes a shorten link. Simply paste the link and make it short then copy it. Now I am going to test the phishing site
on the Windows platform. As you can see, this page is HTTPS secure so don’t think about to put your credential
only on a secure site before that check the URL of the page as well. Here, I am entering a random username and password because hidden Eye tool only checks entered credential
that is valid or not it doesn’t checks. Now I am moving on Kali Linux Desktop. And, there is it. As you can see, I got a username and password
on the terminal. So, it could be better if you got any fishy
and catchy messages with the link then you should avoid it
or you should start with the wrong credential. And of course, do not forget to check the link. So, I hope this tutorial is helpful to you
to understand how things work and how can and how can you protect yourself
from a phishing attack. And thanks for watching see you soon in the next tutorial.