Phishing is still the most popular and widely used way to hack social media accounts. It tricks users into giving up their passwords on a fake login page that looks legitimate. If you know web development, making a phishing page won’t be a tough task for you. But there’s a tool that automates this task: SocialFish, which allows a person to create a real-looking phishing page for nearly any website. Yes, you can create a phishing page of any website you want without much effort.
SocialFish can quickly clone the login page of a social media website in only a few clicks. SocialFish is not a new tool, but the recent update has made it even better. It now comes with a web-based interface that makes it easier for beginners.
Note: I do not encourage any kind of illegal activity. Hacking social media accounts is a cybercrime. Use this article only for educational purposes. Do not try to use this tutorial for any illegal activity.
To use SocialFish, you need Python 3 or higher installed on your computer, along with Python 3’s package manager, pip3. If you are not sure how to do this, I will guide you. Don’t worry,
In a new terminal window, type the following commands. These will install the necessary dependencies, clone the repository and run the set-up.
~$ sudo apt-get install python3 python3-pip python3-dev -y
~$ git clone https://github.com/UndeadSec/SocialFish.git
~$ cd SocialFish
~$ python3 -m pip install -r requirements.txt
Once these commands finish running, you are ready to use SocialFish.
Now we will pick a username and password to log in to the web interface. Use the commands below and replace ‘youruser’ & ‘yourpassword’ with the username and password you want to use.
~$ cd SocialFish
~$ python3 SocialFish.py youruser yourpassword
After setting the username and password, enter the URL ‘http://0.0.0.0:5000/neptune’ in your browser’s address bar. It will ask you to log in. Enter the username and password you chose in the previous step.
In the SocialFish panel, you will see fields to enter the URL of the website you want to clone for the fake login page and the website you want to redirect to after the attack.
Suppose you want to make a fake page of Twitter. The URL to clone will be twitter.com/login. It will be good to redirect the victim to twitter.com afterward, so select twitter.com as the redirect URL. Click the lightning bolt to activate the link.
Now open http://0.0.0.0:5000/ to check the fake login page the script just created. This is how the fake login page looks.
All the login details entered on this page can be checked on the SocialFish panel.
It will show you the victim’s IP, OS, date, and browser details. Click View to check what details the victim entered.
SocialFish is not a new tool, but it has evolved into one of the best and most powerful tools for making phishing pages for social media websites without much effort. You can deploy SocialFish across a network to use it in a better way. I talked about installing it on a local server and then using it just for educational purposes. You can try installing it on a server for sending links to other people to phish their login details.
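From the defender's side, the clone-and-redirect flow described above leaves a recognisable pattern in web proxy logs: a form POST to an unfamiliar host, followed almost immediately by a visit to the real site. The following is an added example, not part of SocialFish or the original article; the log format, the `BRAND_DOMAINS` list, the 10-second window and all function names are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Assumption: domains whose login pages your users legitimately use.
BRAND_DOMAINS = {"twitter.com"}
# Assumption: how soon after the POST the redirect to the real site shows up.
WINDOW = timedelta(seconds=10)

# Constructed proxy log lines: timestamp client method host path
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 GET login-portal.example /
2024-05-01T10:00:20 10.0.0.5 POST login-portal.example /login
2024-05-01T10:00:21 10.0.0.5 GET twitter.com /
2024-05-01T10:05:00 10.0.0.7 POST twitter.com /sessions
2024-05-01T10:05:01 10.0.0.7 GET twitter.com /home
2024-05-01T10:07:00 10.0.0.8 POST intranet.example /form
2024-05-01T10:09:00 10.0.0.8 GET twitter.com /
"""

def is_brand(host):
    """True only for a brand domain or one of its real subdomains."""
    host = host.lower().rstrip(".").split(":")[0]  # drop trailing dot and port
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def parse(line):
    ts, client, method, host, path = line.split()
    return datetime.fromisoformat(ts), client, method.upper(), host, path

def find_suspect_posts(log_text):
    """Return (client, post_host, brand_host) for every POST to a non-brand
    host that the same client follows with a brand request within WINDOW."""
    pending = {}  # client -> (timestamp, host) of its last non-brand POST
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, _ = parse(line)
        if is_brand(host):
            prev = pending.pop(client, None)
            if prev and ts - prev[0] <= WINDOW:
                hits.append((client, prev[1], host))
        elif method == "POST":
            pending[client] = (ts, host)
    return hits

if __name__ == "__main__":
    for client, post_host, brand in find_suspect_posts(SAMPLE_LOG):
        print(f"{client}: POST to {post_host}, then {brand} within {WINDOW}")
```

A hit is a lead for triage rather than proof of credential theft; the flagged host still has to be compared against the real login page and the affected user's password reset if it turns out to be a clone.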