PYPHISHER WRITEUP BY TAPAUSERVER

EDUCATION PURPOSE [!]

So first of all open the terminal then open the tool by typing the command python3 pyphisher.py

after the tool is opened, the tool will give a notice asking about ngrok and loclx hosts, here I will type n which means no because in this tool cloudflared hosts are already provided.

why do i use cloudflared hosting?

the answer is because this host does not need to bother to create an account like other hosts, so by using the cloudflared host it will make it easier for me to use this phishing tool.

then the tool will issue another notice related to generating and passphrase, there is no need to type anything because this function is not required for beginners so I will just skip by pressing enter several times until the notice disappears.

then the tool will display the site option that you want to clone, here I will only select number 1 for the normal Facebook login by typing number 1.

after typing number 1 it will give an option whether to use OTP (ONE TIME PASSWORD) or not, so I will just type n because I don't need this option on the cloning site.

after that it will give another notice about shadow url and redirection url, here I will skip by pressing enter.

after choosing the option, the tool will prepare the site you want to clone, here just wait until it's done.

after finishing the tool will give the url of the cloned site, so here there are several hosts that can be used but I prefer cloudflared because there is no need to create an account as I said earlier.

after that it will give a notice about the custom domain, so here I will press y why?

the answer is because the domain that has been given above is quite suspicious if seen by the victim because the domain looks like a trap so it will make it difficult for the attacker to use social engineering skills

because this cloned site is facebook so I will use the facebook domain which is facebook.com and for the subdirectory I will put the login-details, this is just an example you can use the real subdirectory that is on facebook.

after finishing the tool will provide the domain that we have setup earlier. although it still has a few suspicious features, but there are many more functions that can be added to complete the attack process depending on the skills you have, among which you can use DNS poisoning attacks on the victim or other skills that can be used.

then you can send the given url to the victim or you can try it first by opening it.

so the following is an example of pov if someone clicks and fills in the information on the site that has been cloned, so here I will fill in this facebook login randomly

lastly, you just open the terminal again and you will see the results of what has been filled in the cloning site login earlier, you will not only get login information but you will also get information such as ip, location and others. This happened because you clicked on the url. this has shown how dangerous it is if we just click the url without checking.

because of that we must have knowledge about the latest cyber attacks and know what platform or security is best to avoid being affected by cyber attacks.

the way to recognize if the site is phishing or even site cloning is to check the url using Virus Total.

This can be done very easily, just by entering the url that you think is suspicious on Virus Total then it will give a warning notice (red color) if it is indeed a trap.

https://www.virustotal.com/gui/home/url