Phishing using ngrok & Social Engineering Toolkit

What is Phishing?

Phishing is a technique used to acquire personal information such as usernames, passwords and card details by posing as a legitimate source.

In this blog, we are going to perform phishing using ngrok and setoolkit.

Note: This tutorial is just for educational purposes. Please do not use it to steal credentials.

Tools Required:

  • Kali Linux installed in VirtualBox
  • Social Engineering Toolkit (setoolkit) installed in Kali Linux
  • Basic Linux Commands
  • Internet Connection 

Steps to perform Phishing:

  1. In Kali Linux, open your browser, type ngrok.com and press Enter.
  2. On the ngrok.com website, click Sign Up to create your account.
  3. Fill in your details and complete the signup process.
  4. After completing the signup process, click the Download for Linux option and save the file. Do not close the browser yet.

  5. Open Downloads and extract the file.
  6. Go back to the Downloads page in the browser and scroll down. Under the second option (Connect Your account) there is a command. Copy it, paste it into a Terminal opened in the same directory as the downloaded file, and press Enter.

  7. Go back to the browser again, copy the command under the Fire it Up option, paste it into the Terminal and press Enter.

  8. ngrok starts and gives you two forwarding links; you can use either of them.

  9. Now open another tab in the Terminal and open the Social Engineering Toolkit. If you are using it for the first time, type y and press Enter.

  10. It now asks you to select an option from the menu. Select Social-Engineering Attacks by typing 1 and pressing Enter.

  11. It now shows the Attacks menu. Select the Website Attack Vectors option by typing 2 and pressing Enter.

  12. Now select Credential Harvester Method by typing 3 and pressing Enter.

  13. You now get three options. In this tutorial we are performing the phishing attack on the facebook.com login page. As the site already exists, we select the site cloner option by typing 2 and pressing Enter.

  14. It now asks for the forwarding site. Go back to the ngrok tab in the Terminal, copy either of the forwarding links, paste it into the setoolkit Terminal and press Enter.

  15. It now asks which URL to clone. Copy the URL of the facebook.com login page, paste it into the setoolkit Terminal and press Enter.

  16. The phishing process has now started. Send the forwarding link to other persons (do not use it with malicious intent).
  17. When the person opens the above URL, it shows a Facebook login page. If the user enters login credentials and presses Enter, the browser redirects to the same page again or shows an error.

  18. To check the received details, go back to the setoolkit Terminal and scroll up a little to see the credentials the user entered.
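
From the defender's side, the forwarding link in steps 8 and 16 is the observable: the cloned login page is served from a tunnel hostname, not from facebook.com. The following added example (not part of the original post) scans proxy log lines for such hosts and rates a POST as a likely form submission; the hostname suffixes and the log format are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: public ngrok tunnel suffixes; not listed on this page, so
# check them against ngrok's current documentation before relying on them.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app")

# Constructed sample proxy log: "<client_ip> <METHOD> <url> <status>"
SAMPLE_LOG = """\
10.0.0.5 GET https://www.facebook.com/login.php 200
10.0.0.7 GET https://a1b2c3d4.ngrok.io/ 200
10.0.0.7 POST https://a1b2c3d4.ngrok.io/ 302
10.0.0.8 GET https://ngrok.io.example.com/ 200
10.0.0.9 GET https://notngrok.io/index.html 200
10.0.0.9 POST http://E5F6.NGROK-FREE.APP:80/login 200
truncated entry
"""


def is_tunnel_host(host):
    """True only when host is a tunnel suffix or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)


def parse_line(line):
    """Return (client, method, host) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    client, method, url, _status = parts
    host = urlsplit(url).hostname  # strips port and userinfo, lowercases
    return (client, method.upper(), host) if host else None


def find_tunnel_hits(log_text):
    """List alerts; a POST to a tunnel host is rated high (form submission)."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_tunnel_host(rec[2]):
            continue
        client, method, host = rec
        severity = "high" if method == "POST" else "info"
        alerts.append({"client": client, "host": host, "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in find_tunnel_hits(SAMPLE_LOG):
        print(alert)
```

Matching on the dot-delimited suffix is what keeps look-alike hosts such as `ngrok.io.example.com` and `notngrok.io` out of the results.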
