Before getting into how blackeye works, I would like to refresh your knowledge of phishing and how it works. So let’s first understand “what is phishing” and “how does phishing work exactly”. If you already know how phishing works, skip to the blackeye installation section.
What is Phishing?
Phishing is a hacking method where the attacker tries to impersonate a legitimate website or app. By making a website that looks exactly like the original website, hackers can trick victims into logging in to the fake website and steal their usernames and passwords. These attacks happen a lot, and phishing is one of the oldest yet most effective techniques in hacking. Previously, you had to make a phishing page manually by copying the code of the original page and editing it. There were many other tasks you needed to do before you could launch a proper phishing attack on the target victim.
How does Phishing work?
Phishing is done using emails, text messages and phone calls. For example, hackers send phishing emails that show you a warning when you open them, such as “your bank account will be shut down immediately if you don’t reply to this email and confirm your identity”. When you click the verification link, it takes you to a webpage that looks exactly like the official one. Then you are asked to enter your credentials and boom! Your credentials are captured by hackers, and your bank account is compromised. The email message can also say something like “your account has been hacked, kindly log in and verify your account”. This scares people, and they log in to their accounts via the fake link. This is how many accounts, even today, are compromised.
What is blackeye?
The actual task of making a phishing page appear authentic is tedious. However, blackeye is a tool which can make phishing as easy as stealing candy from a kid. Phishing and hacking accounts are by no means legal. This article is for educational purposes only. Blackeye is an automated script that has ready-made phishing pages for almost all the popular websites you can think of. You also have the custom option to make your own phishing pages.
For this article, I will make a fake phishing page to hack Steam accounts. I will show you how easily hackers can hack and compromise websites.
Installation of BlackEye Phishing Tool
Step 1: Open a Kali Linux terminal and type the following command to clone the blackeye phishing tool onto your Kali machine:
git clone https://github.com/thelinuxchoice/blackeye
Step 2: Now to run the blackeye, navigate to the blackeye folder using the command,
To execute blackeye, run the file named blackeye.sh by typing the following on the terminal.
The command will open the terminal with all the available templates for phishing pages, and also an option for a custom phishing template, as shown in the image below.
How to use the blackeye Phishing tool
Using this tool is straightforward. I will demo how to hack a Steam account with blackeye below. While I am using the Steam template, you can similarly use any other template from the list.
So let’s begin.
Step 1: Select the template you want by entering the number on the terminal.
Step 2: Blackeye needs your IP address to generate the payload. By default, blackeye fetches the IP address automatically even if you do not provide it.
Enter the IP address as shown:
Step 3: Now, your IP address is the new phishing link. Use any method to share the link with the victim. While sharing tools, always use social engineering so that you do not get detected.
We will soon post an in-depth guide regarding social engineering, so stay tuned.
Now you just have to wait for the victim to log in from the link and bam..!!
Step 4: When the victim clicks on the link and enters the password and account credentials, the credentials are intercepted and passed on to our Kali Linux machine, as shown below. The victim is also redirected to the original Steam page, making the victim think he entered the wrong username or password.
The Kali terminal will display the credentials and all the information as shown:
So this is how you can easily hack any website using the Blackeye Phishing Tool on Kali Linux.
You can also use the custom page option; however, personally, I did not like it. It’s too simple, and you cannot pass any URL as the parameter. You can only change the title and login screen. Since the webpage does not appear like the original site, it will be challenging to hack using this option. Use the existing templates for hacking instead.
How do I prevent myself from getting hacked by phishing?
I will be writing an in-depth guide to detect phishing pages; however, the following are the key points you need to remember to detect phishing.
- Check for HTTPS and the certificate authority.
- Check that the URL name is spelt correctly: e.g. www.facebook.com and not www.faccebbook.com
- Do not click on links from unknown senders.
- Do not share your private email ID on websites. Use a fake email instead.
- Do not share your mobile numbers on unknown websites.
- Do not install apps from unknown sources.
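The first two checks in the list, together with the point made earlier that the link blackeye produces is a bare IP address, can be automated in a mail filter or proxy. The following is an added example, not part of the original article or of blackeye; the trusted-domain list, the function names and the sample URLs in the usage are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the defender lists the domains their users really log in to.
TRUSTED = {"facebook.com", "steampowered.com", "steamcommunity.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def assess_url(url: str, trusted=TRUSTED, max_distance: int = 2) -> list[str]:
    """Return the checks that fired; an empty list means none did."""
    findings = []
    # A bare hostname has no scheme, so the HTTPS check is skipped for it.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("", "https"):
        findings.append("no-https")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")  # login link points at a raw IP
        return findings
    except ValueError:
        pass
    # Simplification: last two labels stand in for the registrable domain
    # (a production check would use the Public Suffix List).
    site = ".".join(host.split(".")[-2:])
    if site in trusted:
        return findings
    for good in sorted(trusted):
        if edit_distance(site, good) <= max_distance:
            findings.append(f"lookalike-of:{good}")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs.
    for u in ("https://www.facebook.com/login", "www.faccebbook.com",
              "http://192.168.1.10/"):
        print(u, assess_url(u))
```

HTTPS on its own does not clear a URL here: a lookalike or IP-literal host is still flagged when it is served over HTTPS.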
Commonly asked questions about hacking with blackeye Tool
Q1. Can I hack over WAN (over the internet) with blackeye?
No, you can only use blackeye on LAN. It was made for the same purpose.
Q2. Who made this tool blackeye?
This tool was coded by @linux_choice (https://github.com/thelinuxchoice/blackeye).
It was later upgraded by @suljot_gjoka (@whiteeagle0).
Q3. Can I pass custom website URLs to blackeye?
No. You cannot pass custom URLs. For that, SocialFish seems to be a better alternative hacking tool.
Q4. How many websites can I phish with this blackeye tool?
At the moment, 32 ready-made phishing templates are available. More will be added when the tool is updated.
Q5. Does the hacking world provide customer support for this tool?
No, we do not. If you have any errors, then you can mention them in the comment section. I’ll try my best to help. We are not official support.