Instagram phishing using HiddenEye

Phishing is an attempt to obtain sensitive information or credentials, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.


In this post we will see how to phish Instagram accounts and also how to prevent this.

To perform phishing, various tools are available. Here we will use HiddenEye.

Installation

git clone https://github.com/DarkSecDevelopers/HiddenEye.git
cd HiddenEye
pip3 install -r requirements.txt


Usage

sudo python3 HiddenEye.py 



Step: 1

Choose Instagram: [08]

Step: 2

Select Standard Instagram Web Page Phishing [1] from Operation mode:


Step: 3

If you do not want a keylogger, choose N. You can also add a keylogger by choosing Y to record the keys pressed while credentials are entered. Here we choose N.


Step: 4

We don't want to add a Cloudflare Protection fake page. Choose N.



Step: 5

Since we don't want a Config file, choose N


Step: 6

Next, we need to add a custom redirect URL that the user is sent to after logging in with the credentials. We will use the Instagram home page.



Step: 7

Select a port between 1024 and 65535. We will choose port 1068.



Step: 8

Choose any available server. Here we will choose Ngrok [1] server



Step: 9

Now's the fun part. Copy the NGROK URL and paste it in your browser or send it to your victim to get user credentials.



You can see the Instagram login page

Step: 10

Once the credentials are entered and the user logs in, you can see them in the terminal.



HiddenEye can also be used to phish various other accounts, as we saw earlier.

Prevent Instagram Phishing

  1. Read the permissions before authorizing any third-party app.
  2. Always enable two-factor authentication. Hackers won't be able to log in to your account even if they know the password.
  3. Do not authorize apps or platforms that promise to increase follower counts or auto-like posts. If you already have, change your password immediately.
  4. And most importantly, do not open links from unknown sources.
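
The last tip can be turned into a concrete check. The walkthrough above serves the fake login page from an Ngrok URL rather than from instagram.com, so the host name in the link is the giveaway. The following is an added example, not code from this post or from HiddenEye; the function names and the two domain lists are assumptions (the Ngrok list is not exhaustive), and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts that should ever show an Instagram login form.
LEGIT_SUFFIXES = ("instagram.com",)
# Assumption: non-exhaustive list of Ngrok tunnel domains; extend for other tunnel services.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok.app", "ngrok.dev", "ngrok-free.app")


def _under(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def check_login_link(url):
    """Return the reasons a link should not be trusted as an Instagram login page."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("userinfo in URL hides the real host")
    try:
        port = parts.port
    except ValueError:  # malformed or out-of-range port
        port = -1
    if port not in (None, 443):
        reasons.append("non-standard port")
    if _under(host, TUNNEL_SUFFIXES):
        reasons.append("tunnel service host")
    if not _under(host, LEGIT_SUFFIXES):
        reasons.append("host is not instagram.com")
        if "instagram" in host:
            reasons.append("lookalike host name")
    return reasons


# Constructed sample links (not real indicators).
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://ab12cd34.ngrok.io/",
    "http://instagram.com.login.example:1068/",
    "https://instagram.com@phish.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_link(link) or "ok")
```

An empty list means none of these checks fired; it does not prove the page is genuine.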


This information is for educational purposes only, and we are not responsible for any kind of illegal activity done with this tool.




Hope you have enjoyed reading this.
Leave a comment below

Comments

  1. As someone whose Instagram account was phished (by the person who wrote this article), I can guarantee that this works perfectly.
