Phishing For Passwords Using Ngrok & EvilPhisher

What is Phishing?

Phishing is where a malicious person clones a website and injects a malicious PHP script that lets them capture the POST request containing the username and password.

How Complex is it?

Phishing is such an easy way to steal someone's password. The technical complexity is really low, but it requires a lot of social engineering. There are many tools already written to carry out this sort of attack; one of them is called EvilPhisher. I will talk about how to use it later on in this post.

How can I prevent myself from phishing attacks?

One of the most useful ways to prevent yourself from being phished is to not click on any links that look fake or malicious. How can you recognize that a link is fake? Let me explain.

Let’s have a look at Facebook’s real URL:

Now, let’s look at a couple of fake ones:

If you look at these URLs, you can easily see that the bottom two are fake because they differ from the real one.
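The comparison described above can also be done mechanically. The following is an added example, not part of the original post or of EvilPhisher: it checks a link's real hostname against the domain you expect. The trusted list, the tunnel suffixes and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

TRUSTED = {"facebook.com"}  # assumption: domains the user really logs in to
# Assumption: ngrok's public tunnel suffixes; extend for other tunnel services.
TUNNELS = ("ngrok.io", "ngrok.app", "ngrok-free.app")
# Constructed sample links, not taken from the post.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://facebook.com.account-check.example/login.php",
    "https://faceb00k.com/login.php",
    "https://a1b2c3d4.ngrok.io/",
    "https://facebook.com@198.51.100.7/login.php",
]

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def under(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_url(url):
    """Return 'trusted' or the reason this link should not get credentials."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.username is not None:
        return "text before @ hides the real host"
    if any(under(host, t) for t in TRUSTED):
        return "trusted" if parts.scheme == "https" else "trusted host, no https"
    if any(under(host, s) for s in TUNNELS):
        return "tunnel service host"
    for t in TRUSTED:
        if t.split(".")[0] in host:
            return "brand name inside unrelated host"
        # Compare the last two labels with the trusted domain to catch typos.
        if edit_distance(".".join(host.split(".")[-2:]), t) <= 2:
            return "near-miss spelling of " + t
    return "unknown host"

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_url(link):36} {link}")
```

Only the first sample comes back as trusted; the others are rejected because the part of the hostname that decides where the request goes is not the real domain.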

This is just one of many ways to prevent yourself from being phished.

Another way is to have a really good antivirus solution, because many of these block malicious websites.

Also, a handy website to check if a website is malicious is You can submit a URL that might look dangerous and it will show you all the different anti-virus scanners that detected it as a threat.

How Can I Phish For Passwords?

There are many ways of doing this, but one good tool is EvilPhisher, which I designed in Python.

It can be downloaded from GitHub, and it’s really easy to use. It has many different websites that you can clone and phish for passwords.

How can I install EvilPhisher?

To install the program, follow these instructions:

git clone
cd EvilPhisher


How does EvilPhisher Work?

EvilPhisher works quite simply. I first saved the website to a folder and modified the HTML code so that, when the victim clicks on the fake link, it redirects them to my post.php page, which captures the POST request containing the username and password. After it captures the username and password, it saves the credentials to a file and redirects the victim to a website that the attacker wants them to go to. It also uses ngrok to tunnel port 80, which allows the phishing page to be accessed over the WAN (Wide Area Network), basically from anywhere around the world.

What is Social Engineering?

Social engineering is a human hacking technique used in phishing attacks: the attacker sends someone an email or message to convince the person to click on a link and type in their credentials. Humans are dumb when it comes to this, because they are the easiest to hack, but only if you’re not computer savvy.

Real Life Scenarios

A real-life scenario would be an attacker setting up a malicious banking site, such as one posing as Bendigo Bank, and sending the target an email pretending to be the bank. They use email spoofing to create the fake email, and once the victim types in his/her credit card information, it gets sent back to the attacker to use.


I hope you enjoyed this post, stay safe.
