Although phishing is one of the best-known and most effective cyberattack techniques, millions of users are still unaware of it, its variants and its indicators, which certainly contributes to the high success rate of these attacks. Perhaps the most important feature of a phishing attack is the ease with which it can be deployed, as there are numerous tools for creating phishing sites available to anyone.
This time, the ethical hacking experts from the International Institute of Cyber Security (IICS) will show you the use of FotoSploit, a tool that creates phishing links with a preview that makes the target user believe they will be redirected to a Facebook or YouTube page. This tool is ideal for sending phishing links through instant messaging platforms.
FotoSploit will allow you to send the victim a preview link with a blurry provocative photograph and some text. By clicking on the link, the target user will find a login page of the platform that we want; according to the ethical hacking experts, the trick is to arouse the victim's interest or curiosity so that they impulsively enter their username and password on the phishing page, which captures their login credentials.
Remember that this material was prepared for teaching and informational purposes. Do not use this tool in uncontrolled environments.
INSTALLATION
Download FotoSploit from the GitHub repository:
git clone https://github.com/Cesar-Hack-Gray/FotoSploit.git
Next, give the installer and the tool execute permissions:
chmod +x install.sh FotoSploit
Run the installer:
install.sh
USING FOTOSPLOIT
To use the tool, set all the necessary options and then execute it with the following commands:
foto <path to the chosen image>
set title url <preview text>
set view <YOUTUBE or FACEBOOK>
go
The tool will create the link that is to be sent to the potential victim. Remember that the success or failure of the attack depends on the victim falling into the trap and handing over their login credentials and even their location data.
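A defender-side check for this kind of lure, as an added example that is not part of the original article or of FotoSploit: it flags a link whose preview names Facebook or YouTube while the serving host belongs to neither. It assumes the preview is carried in Open Graph meta tags (the article does not say how the tool builds it); the sample HTML, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brands the article names as impersonation targets -> hosts they really use.
BRAND_HOSTS = {"facebook": ("facebook.com", "fb.com"),
               "youtube": ("youtube.com", "youtu.be")}

# Constructed sample: what a lure on a made-up host might serve.
SAMPLE_LURE = """<html><head>
<meta property="og:site_name" content="YouTube">
<meta property="og:title" content="Watch this video">
<meta property="og:image" content="https://lure.example/blur.jpg">
</head><body><form method="post">
<input name="email"><input type="password" name="pass">
</form></body></html>"""

class PreviewParser(HTMLParser):
    """Collects Open Graph preview fields and notes any password input."""
    def __init__(self):
        super().__init__()
        self.og = {}
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        prop = a.get("property", "").lower()
        if tag == "meta" and prop.startswith("og:"):
            self.og[prop] = a.get("content", "")
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password_field = True

def host_belongs_to(host, domains):
    # Exact match or true subdomain only, so "youtube.com.lure.example" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_link(url, html):
    """Return findings for a link and the HTML fetched from it."""
    p = PreviewParser()
    p.feed(html)
    host = urlsplit(url).hostname or ""
    fields = ("og:site_name", "og:title", "og:description", "og:url")
    preview = " ".join(p.og.get(k, "") for k in fields).lower()
    findings = []
    for brand, domains in BRAND_HOSTS.items():
        if brand in preview and not host_belongs_to(host, domains):
            findings.append(f"preview names {brand} but host is {host}")
            if p.has_password_field:
                findings.append(f"password field on non-{brand} host")
    return findings
```

A mail or chat gateway that already fetches link previews can run a check like this on the fetched HTML before the preview is shown to the recipient.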