The 69Phisher tool is a phishing application created to obtain sensitive information from victims, such as login credentials for Facebook and Instagram, LinkedIn, and other platforms. Developed by Akshay-Arjun using a bash script, it is comparable to the zphisher tool. It is an advanced phishing tool designed to demonstrate and facilitate phishing attacks. It helps users generate phishing pages that look much like the target website, making confusing targets and giving out sensitive information easier. In order to make it more plausible, this tool makes use of Cloudflare secure chat with SSL/TLS encryption. As such, it buries the phishing stuff and makes it look more authentic. Then, it harvests victims’ login information and other private data. This information, you know, is simply displayed on a Linux terminal.
The cool thing is that users can run specific commands that turn on to see the data logs they’ve captured. This will give excellent insight into phishing attempts and how victims react to them. Pretty interesting!
Note: Although the tool is good and demonstrates some phishing strategies pretty well, remember this is a teaching tool and should only be used for educational purposes. It should enable people and organizations to have a better grip on phishing threats and know how to protect themselves against them.
Let’s see how we can perform a phishing attack using the 69phisher Tool:
- How to use it.
- Just clone this repository.
Open a new terminal and type the following command.
Step 1: $ git clone https://github.com/Akshay-Arjun/69phisher.git
Step 2: Open 69phisher.sh
It is an executable file. To execute it, write
$ ./69phisher.sh
This displays the list of available scam pages. This option also creates a link that uses Cloudflare to tunnel your communication with SSL/TLS encryption securely.
The tool has started running successfully. Now, we have to choose the options from the tool for which we want to create a phishing page.
Step 3: From these options suppose we are going to create a phishing page for Instagram, hence we will select option 2.
Step 4: Now, it gives us four templates to choose from. Suppose we want to create a page for the Blue badge, then select option 4.
Step 5: After selecting the option, we will see this interface.
Step 6: Select the URL and send it to the victim using phishing techniques. Once the user enters their ID and password, it will be reflected in the terminal.
Step 6: Once the victim clicks on the link, this page will be displayed in front of them to enter the username and password.
Here is an example,
username: xyz
Password: xyz.com
Step 7: Go back to your terminal. As we can see the username and password were captured here.
We can see that the victim has been compromised by the phishing attack, with their login details visible in the terminal.
Clearly, Phisher69 explains the tactics and techniques involved in carrying out phishing attacks to exploit vulnerabilities and collect sensitive information. It is made possible with the help of secure tunneling powered by Cloudflare and SSL/TLS encryption, clearly exposing a view of how phishing schemes work and what methods attackers use to hoodwink victims.
These practical examples show that such threats are almost impossible to avoid without strong security and heightened awareness. Attackers even capture an individual’s login information and trace victim activities. Understanding this modus operandi will give an edge to an individual and an entity in preparation and protection from these phishing attacks. Therefore, the techniques documented here will assist one or an organization in being much better placed to defend against them and, thus, reduce the risks accompanying a phishing attack.
