The social engineering has always been one of the most used strategies in the hacking world, being the easiest way to steal the victim’s login credentials. There are a los of useful tools on the internet to create phising pages, but the success of this kind of attack relies on the attacker’s capacity to generate the proper conditions to make the victims write their login data in the fake sites.
And now it will be shown a guide to create phising sites with a tool called Blackeye. This phising tool generates fake versions of the most popular websites like the social networks. The tool counts with 32 predetermined stencils and one customizable to create fake login websites. The tool has been tested with Kali Linux 2018.3.
And now it will be shown a guide to create phising sites with a tool called Blackeye. This phising tool generates fake versions of the most popular websites like the social networks. The tool counts with 32 predetermined stencils and one customizable to create fake login websites. The tool has been tested with Kali Linux 2018.3.
According to the ethic hacking investigators of the International Cybernetic Security Insitute, this tool is auseful in the initial phase of a penetration testing process.
Install Blackeye
-Type git clone
–https://github.com/thelinuxchoice/blackeye.git in the Linux’s terminal
-After that, type Is
-Type cd blackeye
-Type Is
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/thelinuxchoice/blackeye.git
Cloning into ‘blackeye’…
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 352 (delta 5), reused 0 (delta 0), pack-reused 339
Receiving objects: 100% (352/352), 8.04 MiB | 2.20 MiB/s, done.
Resolving deltas: 100% (91/91), done.
Checking out files: 100% (284/284), done.
root@kali:/home/iicybersecurity/Downloads# ls
root@kali:/home/iicybersecurity/Downloads# cd blackeye/
root@kali:/home/iicybersecurity/Downloads/blackeye# ls
blackeye.sh LICENSE README.md sites
Write bash blackeye.sh to launch the tool.
root@kali:/home/iicybersecurity/Downloads/blackeye# bash blackeye.sh
-As you can see, Blackeye has a lot of stencils that offer easy options to create phising sites.
-To create phising sites, simply choose any stencil and add your IPv4 adress
-To obtain the Ipv4 open another terminal and enter Ipv4
Type ifconfig
– To access the phising site, enter the IPv4 adress in the browser or send the phising site to the victim
-Now we will see how to forge any website
Creating phising sites
These are some of the examples to create phising sites:
-Type bash blackeye.sh
-After that, blackeye will launch and will ask to choose any of the stencils to create phising sites
-We have chosen number 3 (Snapchat). Type 3
-After that, type IPv4 adress, 192.168.1.8
– Blackeye will be shown to send links to the objective.
– If you enter the link of the web’s browser, it will be opened the same link of the original login site.
Go to the website browser and write the given link. Type 192.168.1.8
– After writing the given link, it has been created a new fake website of Snapchat.
– When you or your objective open the phising link in the website browser, Blackeye also shows that the browser is opened as shown in this image:
– The Snapchat website has benn created exactly as the original one.
– Now, if the objective enters the credentials of the phising site, it will be shown the user’s name and his password.
-The earlier method is the most common way to use this attack.
-Now try any other websites.
-Choose any stencil and write your IPv4
-Type 2 for Facebook
-Type 192.168.1.8
-Open the phising link or send the phising link to the objective.
– Now every time that the objective enters his/her user name or password, Blackeye will show the user name and the password of the victim.
– Enter the phising link in the web browser.
– The objective enters the username and password.
– After entering the username and password in the phising site, Blackeye will take the credentials of the login sesion.
Crating custom websites
To create custom websites:
– Choose the 33 stencil and type all of the needed details
– Type 192.168.1.8 or you can write any other title in the website
– Type Login Page or you can write any name
– Type Username and write password like your login fields
– Type 192.168.1.8 in the web browser
-Now open the phising link in the web browser
Type 192.168.1.8 in the web browser.
– Introduce the username and the password in field in white.
– After adding the username and the password as you can see, Blackeye has extracted the username and the password of the objective.
USING THIS TOOL WITHOUT THE PERMISSION OF THE OBJECTIVE CAN CREATE LEGAL PROBLEMS. IT IS RECOMMENDED TO BE CAREFUL WHILE USING BLACKEYE