Wednesday, May 1, 2019

HiddenEye

HiddenEye is a phishing and social engineering tool that allows you to easily create a fake website that captures user credentials with a PHP script and dumps them to the terminal for you to see after a successful attack. HiddenEye has the ability to clone many popular web services such as Facebook, LinkedIn, Yahoo, Gmail, GitHub, Twitter, and many more.

Follow the instructions below to learn how to install and use HiddenEye.

1. Turn on your Kali machine, open a terminal and type in the following command:

git clone https://github.com/DarkSecDevelopers/HiddenEye.git

Wait for it to finish cloning, then change your directory to HiddenEye using the command cd HiddenEye


2. Inside the HiddenEye directory, type in the following command:

apt-get install python3-pip (You need Python 3 for HiddenEye to work.)


3. Now execute the command pip3 install -r requirements.txt. This will install all of the requirements to run HiddenEye.


4. Give HiddenEye.py execute permission by using the command chmod +x HiddenEye.py, followed by the command python3 HiddenEye.py to run the tool.


5. If your Kali does not have Ngrok installed yet, HiddenEye will automatically download and install Ngrok for you like I have below.


6. Wait for it to finish downloading and installing Ngrok and you should see a screen like below. Just type in y and press Enter.


7. If everything goes well, you will see a screen like I have below.


8. From here it is very straightforward: all you have to do is choose a service you would like HiddenEye to clone and it will do it for you. I chose Facebook as an example to show you how easy it is to create a fake Facebook page with this tool and send it to your victim.




On this screen, you can redirect the victim to any website. I chose to redirect them to a legit Facebook page just so it doesn't trigger any suspicion. After all, hacking is also about making it look as real as possible.




These two URLs are the ones you can send to your victim. Either of them is fine, but you can use the one with https to make it look more convincing.


After the victim logs in you will see a screen like the one above.


The link is not facebook.com but the page looks exactly like Facebook.


After the victim logs in, you can check your terminal to see the credentials. Just scroll up a little bit until you see the words CREDENTIALS FOUND in green, and that should be the victim's login information.
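The observation above, that the link is not facebook.com even though the page looks identical, is the one check a defender can automate. The following is an added example (not part of the original post or of HiddenEye) that classifies the host of a URL serving a brand's login page; the brand domain list, the tunnel suffix list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of domains the brand really serves logins from.
BRAND_DOMAINS = {"facebook": {"facebook.com", "fb.com"}}
# Assumed suffixes of public tunnel services; extend for your environment.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok.app", ".ngrok-free.app")

# Constructed sample URLs, e.g. extracted from mail or proxy logs.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "https://a1b2c3d4.ngrok.io/",
    "https://facebook.com@a1b2c3d4.ngrok.io/login",
    "https://facebook.com.login.example/",
]

def _belongs_to(host, domains):
    # Exact match or a true subdomain; "facebook.com.login.example" fails.
    return any(host == d or host.endswith("." + d) for d in domains)

def classify_login_url(url, brand):
    """Return (verdict, reasons) for a URL that shows `brand`'s login page.

    The scheme is ignored on purpose: an https URL on a foreign host
    is still not the brand's domain.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "suspicious", ["no hostname could be parsed"]
    legit = BRAND_DOMAINS[brand]
    if _belongs_to(host, legit):
        return "ok", []
    reasons = [f"host {host} is not under {sorted(legit)}"]
    if host.endswith(TUNNEL_SUFFIXES):
        reasons.append("host is a public tunnel endpoint")
    if brand in host:
        reasons.append("brand name appears in a foreign hostname")
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' hides the real host")
    return "suspicious", reasons

def triage(urls, brand):
    """Classify every URL and keep only the suspicious ones."""
    results = ((u, classify_login_url(u, brand)) for u in urls)
    return {u: r for u, (v, r) in results if v == "suspicious"}

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_URLS, "facebook").items():
        print(url, "->", "; ".join(reasons))
```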



2 comments:

  1. This blog is amazing. I have already subscribed and read all your blogs. When I came to https://www.secnhack.in I was stuck at a point, but this blog is very sharp.
