Credential phishing using Android Hotspot

In today’s digital age, cyber security is paramount. As technology advances, so do the tactics used by cybercriminals to gain unauthorized access to sensitive information. One such method is credential phishing, which tricks individuals into revealing their login credentials.

In this blog post, we will explore how credential phishing can be executed using Android Hotspot Captive Portals.

Requirements:

  1. Android device with root access
  2. Termux application
  3. Installed packages: PHP

Install Credential Phishing tool

Installing this tool is very easy, however, let’s see how to install it without any errors.

Step 1: Download The Tool

To begin downloading the android-portals programme in your terminal, copy the following command and paste it into your terminal, then hit the enter button.

				
					git clone https://github.com/kleo/android-portals.git
				
			
Credential phishing using Android Hotspot
Output for downloading the tool

Step 2: Change The Directory

After downloading the credential phishing tool, navigate to the android-portals directory so execute the following command in your terminal.

				
					cd android-portals
				
			
Output for changing the directory

Now you must activate your hotspot in without password, the most important thing is that your hotspot name should be appealing to others, and then you may obtain your target’s credential by following the procedures in the video below.

Testing and Considerations

This method has been tested on a Sony Xperia XZ1 Compact running LineageOS 17.1 with Magisk. It is important to note that certain considerations must be taken into account:

  • Hotspot fails to trigger the “Tap here to sign in to network” notification without an active internet connection. Turning on mobile data without any load worked in our testing.
  • The captive portal does not gracefully exit or authorize the user for an internet connection since the required /generate_204 endpoint with the HTTP header 204 does not exist.

In general, no one wifi connection does not ask for your social media account login or password, so if any wifi does, know that it is a phishing attempt and do not write anything.

I hope this post was helpful to you, and please share it with your friends. If you have any questions regarding this topic, please contact me using the form below.

Latest articles

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

Skip to content