Find Geolocation With Seeker With High Accuracy

Posted: June 15, 2020 in Linux, Networking

With the help of Seeker which is an open-source python script, you can easily find the geolocation of any device with high accuracy along with device information like Resolution, OS Name, Browser, Public IP, Platform etc.

Seeker uses Ngrok (for tunnelling) and creates a fake apache webserver (on SSL) which asks for location permission (Allow or Deny) and if the user clicks on allow button, then you can get all the information related to devising information, location info etc on the terminal screen itself.

Here is the list of all parameters which you’ll get –

  • Longitude
  • Latitude
  • Accuracy
  • Altitude – Not always available
  • Direction – Only available if the user is moving
  • Speed – Only available if the user is moving

Along with Location Information, we can also get Device Information without any permissions :

  • Operating System
  • Platform
  • Number of CPU Cores
  • Amount of RAM – Approximate Results
  • Screen Resolution
  • GPU information
  • Browser Name and Version
  • Public IP Address

This tool is purely a Proof of Concept and is for Educational Purposes Only, Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as location etc.

Installation of Seeker – 

You can easily install seeker by typing “git clone https://github.com/thewhiteh4t/seeker.git” as shown below:

seeker1

After that navigate to seeker directory and give 777 permission to install.sh file and execute the install.sh by typing “./install.sh

Depending upon your internet speed, it takes 1-2 minutes for the installation and will install all the dependencies which this tool required.

To run this script, simply type ./seeker.py from the terminal which shows you a welcome screen and will immediately start the Ngrok service with randomly generated URL.

Now the URL which ngrok generates has all the secrets inside it. To get the location and other useful information, just spread the ngrok URL to your friend’s circle with your social engineering techniques.

As soon as when someone clicks “https://random.ngrok.io/nearyou/” it will ask you to allow the location permission. When a user clicks on the Allow button, the browser will automatically send all the necessary information to ngrok servers.

This is the output at your side with all information i.e. Location Information and Device Information.

Update: Serveo may not work sometime

so use >> ./seeker.py -t manual -k testkml

Sometimes serveo.net services is not working due to phishing or overload on this free service then what we can do?

We can use other port forwarding method in this tool like ngrok. ngrok.io is a grate service we can use this. To use ngrok services we need to apply following command after installing the seeker tool and it’s dependencies:

./seeker.py -t manual -k testkml

The screenshot is following:

manual use of seeker

Now, we can choose two options. First option is NearYou and second one is GoogleDrive.

We choose option 2 for Google drive links. Google drive links can look more genuine for the target user. Social engineering techniques will help us to choose a google drive file as per target’s interest(it can be movies or lottery or something else). Then we need a shareable link of Google drive.

Then we paste the link and press enter.

google drive links in seeker

Here this is on our localhost sever. We can forward our port 8080 by port forwarding this is may be done by changing our router’s settings or we can do it by ngrok or other ssh port forwarding methods.

For an example we forward our port 8080 by using localhost.run services by using following command in another terminal:

ssh -R 80:localhost:8080 ssh.localhost.run

The screenshot is following:

localhost.run port forwarding

Now we can send this link to the victim. When victim opens this link he/she can see the Google drive page and that page will prompt victim for location information. If he/she “Allow” this we got all the location information.

To be safe from this kind of attack we should not open any serveo.net or ngrok URLs,but if attacker using shorten links we can expand the links from Expand URL‘s website.

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

 

Posted by Shubham ;)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.