Nowadays people are smart enough. They are not caught in the act of stealing sensitive information. Because the link doesn't look like a real website. For example a criminal link for stealing sensitive information may be the same, https://ngrok.io/xxabcd but it opens pages like Gmail Login. People have found a trap and a user with little tech knowledge will not place guarantees So it becomes difficult to cheat anyone.
Then what do you do? The answer is social engineering. The invader needs to be competent enough in social engineering. What is Social Engineering? In short, social engineering is "bugs in human hardware". The attacker plays on the victim's mind and deceives her.
Hiding criminal links to steal sensitive information from ordinary links that seem trustworthy is part of social engineering. By using this method the attacker can be trusted by the victim, and the victim treats the criminal link to steal sensitive information as a standard link. Because high-end domains (like Google, YouTube, New York Times, etc.) are considered clean.
To make things easier we will use a tool that will turn a criminal link to steal sensitive information into a common web link like Google or YouTube.
Hi folks, in this tutorial we will use a tool that can turn a phishing scam link into a standard web link like Google or YouTube called “maskphish”. MaskPhish is a small and simple tool written in bash language, which is used to hide criminal URLs and steal sensitive information under common looking URLs (google.com or facebook.com).
Video : https://youtu.be/TlJrfeEG4lE
How To Install and Use Masking-URL Tool
It is always the same now in this case and we will download it first using the following command This is a very small tool that does not require any additional reliance, so we can use it in any third party Android app. After the download is complete then we will go to the guide for this tool. That is the only way we can launch this tool using the bash command.
Step 1 :- First you need to Open the Terminal, Termux. After installation you need to open and type the apt update and hit Enter. Then type the command apt upgrade -y to upgrade the termux.
Step 2 :- After updating and upgrading the termux then you need to install other packages like, git etc.
Step 3 :- A small and simple tool written in bash, called "MaskPhish". This tool is made by us and is specially available in our GitHub repository. We can add this from our GitHub repository via the following command:
Step 4 :- Now we just need to navigate to the maskphish directory by simply using the cd command:
Step 5 :- Use the command below to make the file Permission readable, compact, and effective.
Step 6 :- We can do this by using the following command:
MaskPhish will then open the main menu in front of us as a screenshot:
Step 7 :-Now we need to set up our URL for sensitive identity theft here or anywhere (via http: // or https: //).
Step 8 :-After that we need to set up a trusted URL, anything that can mislead the victim's mind like https://google.com or https: //youtube.com or http: //anything.com. As we did on the following screen:
Step 9 :-Here we need to use some social engineering words separated by "-" to make an example if the victim is a football fan then we can use something like the footaball skills concept that here we are not using anywhere.
After that we just install it and have our MaskPhish link. We started our URL with facebook.com and the URL has no ngrok at the exact URL.
SOCIAL MEDIA