by 
In this article, I’ll teach you how to use the “CamPhish” application to capture images from someone’s phone front camera or PC webcam. CamPhish creates a fake website on a PHP server and uses ngrok and serveo to build a link that is sent to the target. The connection can be utilized via the internet.
What is CamPhish
CamPhish is a tool designed for phishing attacks on mobile platforms, particularly targeting Android devices. It facilitates unauthorized access to the phone’s camera, potentially compromising user privacy and security.
Install CamPhish
1. First, you must clone the camphish tool by running the following command:
git clone https://github.com/techchipnet/CamPhish2. Then, use the following commands to launch the tool:
cd CamPhish
bash camphish.sh
3. As you can see, it asks you to pick between ngrok and serveo. In my example, I will enter ngrok by hitting 1.
4. When you tap 1, it will prompt you to select the template you wish to use for the attack. I will select option 2 for YouTube.
5. The YouTube watch ID refers to the end ID of a YouTube video URL, as seen in the picture below.
6. Camphish will provide a direct link that you have to send to the victim.
7. Because the link is suspicious, you can conceal it behind some text as a hyperlink or embed it in a button.
Once the victim clicks on the link and gives camera access, Camphish will begin snapping images of the target with the front camera.
8. Here you may see “Cam file received”. This implies that the photo-taking procedure has begun.
9. You may see the taken images in the camphish directory.
Conclusion
These kinds of attacks may be avoided by first inspecting the link and how the URL is created. As a result, be very skeptical of any emails you get; if the email has a link, do not click on it. Instead of clicking on the link, enter the web URL to reach the website.
