Then what to do? The answer is social engineering. An attacker needs to be skilled enough in social engineering. What is social engineering? In short, social engineering is “bugs in human hardware”. An attacker plays with the victim’s mind and tricks them.
Hiding phishing links in normal-looking, trustworthy links is a big part of social engineering. By using this method the attacker gains the trust of the victim, and the victim treats the phishing link as a normal link, because the domain it appears to belong to (like Google, YouTube, New York Times, etc.) is considered clean.
To make things easier we’re gonna use a tool that converts a phishing link into what looks like a normal web link, such as Google or YouTube.
It is a small and simple tool written in bash, named “MaskPhish”. This tool is made by us and is exclusively available on our GitHub repository. We can clone it from our GitHub repository by using the following command:
git clone https://github.com/jaykali/maskphish
After this command the tool will be downloaded to our system, as shown in the following screenshot:
Now we just need to navigate into the maskphish directory by simply using the cd command:
We can run it by using the following command:
Then MaskPhish will open the main menu in front of us just like the screenshot:
Oh crap, we got a “Warning!”.
This is an example phishing link, for educational purposes.
In our opinion this is really effective for social engineering attacks. Using this, the attacker’s success rate will increase, and the attacker earns the trust of the victim by showing off the URL.
There are some other ways to hide a phishing URL. Suppose the attacker is sending phishing links via email; then there is already a classic way to hide a URL. For another example we are assuming our website URL kalilinux.in as the destination. Now the example:
Log in on: https://www.facebook.com/
Kool, now try to go to Facebook by using the link above!!!
This is easy, just HTML. Got the trick 😎? Describe it in the comment section.
Another technique is Google search’s redirect method.
This is also super easy: the attacker can redirect any URL through Google search as follows:
Replace the [dot]s with . and try it in a browser.
These are the clever ways used by attackers in phishing attacks. But there are more methods (like homograph) to mask a phishing URL on the Internet. To be safe from these we should not click on any third-party link, even if it looks trusted.
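The e-mail trick above (visible text shows one site while the link target is another) can be checked mechanically on the receiving side. The following Python check is an added example, not part of the original tutorial or of MaskPhish: it flags anchors whose displayed URL does not match the real href host, and goes slightly further by flagging punycode (`xn--`) hosts, which is how homograph domains appear in a link target. The names `AnchorCollector`, `host_of` and `audit_links` and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches visible text that itself looks like a URL or bare domain.
URL_LIKE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

class AnchorCollector(HTMLParser):
    """Collect (visible_text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Lower-cased hostname without a leading 'www.'."""
    if "//" not in value:          # urlsplit needs '//' to see a host
        value = "//" + value
    host = (urlsplit(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def audit_links(html):
    """Return findings for anchors whose text or host is deceptive."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        real = host_of(href)
        shown = URL_LIKE.search(text)
        if shown:
            claimed = host_of(shown.group(0))
            # Subdomains of the claimed site (m.facebook.com) are allowed.
            if real != claimed and not real.endswith("." + claimed):
                findings.append(("text-href-mismatch", claimed, real))
        if any(label.startswith("xn--") for label in real.split(".")):
            findings.append(("punycode-host", text, real))
    return findings

# Constructed sample: the e-mail body described in the tutorial.
SAMPLE = '<p>Log in on: <a href="https://kalilinux.in">https://www.facebook.com/</a></p>'
```

A mail gateway or a browser extension can run the same comparison before a link is shown to the user; hovering over a link and reading the real target in the status bar is the manual equivalent.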
This tutorial is for educational and research purposes only. Hacking or phishing is a serious crime. If anyone does any illegal activity then we are not responsible for that.
For any questions please leave a comment; we try to reply to everyone.