SocialFish is an open-source tool through which you can easily create a phishing page of most popular websites like Facebook/Twitter/Github etc and can even be integrated with NGROK which is another open-source tunnel service which forward your localhost URL to some public DNS URL.
Ngrok also provides a real-time web UI where you can introspect all HTTP traffic running over your tunnels.
Disclaimer – The use of the SocialFish is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.
To install SocialFish, you need to clone the repository from Github by typing the following command in your terminal.
Command: git clone https://github.com/UndeadSec/SocialFish.git
In the next step, you need to install all the necessary packages which SocialFish needs with the help of the following command:
Command: sudo pip install -r requirements.txt
As you can see, all requirements are already satisfied in our machine, so after that, you just need to execute the tool by typing “python SocialFish.py” which will further check the ngrok package whether it’s installed or not, if not then it will automatically download and install the ngrok in your machine.
As soon as you press Y for accepting terms and conditions, it will further ask to choose the option for which you want to create the phishing page but before to select the option, make sure that your ngrok service is running in the background.
To start the ngrok service with http protocol, type “./ngrok http 80” under Server directory
As you can see that, ngrok is running on port 80 with some random URL which actually forwards all traffic from ngrok tunnel to localhost. So we decided to go with Twitter.
Currently, SocialFish Tool supports Facebook, Twitter, Github, WordPress, Google, Linkedin and Stackoverflow only
In below screenshot, you can see that the ngrok service is running with URL https://48d24d5d.ngrok.io/ which you need to send it to your friends by any mean of communication.
Here’s the preview of ngrok URL contains phishing page of Twitter:
As soon as someone enters his/her login details into your phishing page, you’ll instantly get the credentials in clear text screen at the terminal as shown below:
Along with, you can also see all the stats at ngrok screen regarding all GET and POST requests.
Posted by Shubham ;)