Siddartha Devasani

Siddartha Devasani

An aspiring self-learning cybersecurity analyst.

Simulated Phishing Attack using BlackEye

June 17, 2025

Simulate a phishing attack using BlackEye on a local VM to understand how credential harvesting works.

Tools Used

BlackEye, Zphisher
Kali Linux(VM)
Localhost setup (VM)

Steps

Cloned BlackEye, Zphisher repositories from GitHub
Launched the phishing page for Instagram,Netflix
Used a tunnel to expose localhost (Ngrok, localxpose, etc.)
Opened the phishing page on victim browser
Captured the login credentials in terminal

Observations

Most kits just use HTML/CSS clones of login pages
BlackEye stores creds in plain text
Some pages are broken/outdated

Takeaways

Never trust links — always verify domains
Tools like these are good for defenders to understand attacker techniques
Real-world phishing often uses shortened or hidden URLs

Resources

Share on

X Facebook LinkedIn Bluesky

You May Also Enjoy

Building My First Terminal Game in Python: Hand Cricket 🏏

June 21, 2025

I created a basic hand cricket game using just Python and the terminal. Here’s how I built it, what I learned, and what I plan to improve.

Bypassing LocalXpose’s Phishing Warning Page

June 20, 2025

Observations found while trying Phising again