Hey Folks, in this tutorial we’ll show you how Google two-factor authentication can be bypassed via a phishing attack. Sometimes we have the credentials of the victim’s account but are stuck because of two-factor authentication, so we are not able to acquire the victim’s account even after obtaining the credentials. Through this tool, two-factor authentication can be bypassed with the help of a phishing page.
Let’s see how that is possible 🙂 !!
Installation
We already covered the complete installation of this tool in our previous article, so you need to revisit that article. You can revisit from here.

```
git clone https://github.com/Ignitetch/AdvPhishing.git
cd AdvPhishing/
bash Linux-Setup.sh
./AdvPhishing.sh
```

Once setup is complete, start the tool and choose the “6” option to create a Google phishing page.
Got it 🙂 !! In the end it gives us the phishing link that we need to share with the victim. Done 🙂 !!
This is the normal process that you would follow to create a phishing page. But the main part starts from here. Let’s see 🙂 !! After the victim opens the link, the phishing page will look like the image below and obviously he will enter his credentials to enter his account.
Alright 🙂 !! As you can see we have the credentials entered by the victim on the phishing page.
Without waiting a second, we need to go immediately to the original web page and enter those credentials to enter the victim’s account.
Oops 🙂 !! As we told you, if two-factor authentication is enabled then we cannot access the account. Relax 🙂 !! After entering the credentials, the victim will obviously wait a few minutes to get the OTP, and in the meantime you have to follow the same steps that we have just done.
After trying to access the victim’s account, the OTP will go to the attacker and the victim will enter it on the phishing page without any doubt.
O’Nice 🙂 !! You can see that we have successfully got the two-factor authentication code, due to which we were not able to log in to the victim’s account.
Amazing 🙂 !! As you can see, after the victim entered the OTP on the phishing page, we have finally successfully entered the victim’s account. It’s done 🙂 !!
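The relay described above works because a one-time code carries no information about the page it was typed into. The following added example (not part of the original article or the tool) contrasts an RFC 6238 TOTP check with a simplified origin-bound check, the property that FIDO2/WebAuthn security keys provide. The origins, secrets and the HMAC-based assertion are constructed assumptions; real WebAuthn uses public-key signatures.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the scheme used by authenticator apps."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def server_accepts_otp(secret: bytes, code: str, now: int) -> bool:
    # The server sees only digits; nothing ties them to the page they were typed into.
    return hmac.compare_digest(code, totp(secret, now))

def authenticator_assert(key: bytes, challenge: bytes, origin: str) -> bytes:
    # Simplified model (assumption): the response covers the origin the browser loaded.
    return hmac.new(key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()

def server_accepts_assertion(key: bytes, challenge: bytes,
                             assertion: bytes, expected_origin: str) -> bool:
    expected = authenticator_assert(key, challenge, expected_origin)
    return hmac.compare_digest(assertion, expected)

# Constructed sample values, not taken from the article.
REAL_ORIGIN = "https://accounts.example.com"
LOOKALIKE_ORIGIN = "https://accounts.example.net"

def demo() -> dict:
    secret, key = b"constructed-totp-secret", b"constructed-device-key"
    challenge, now = b"constructed-nonce", 1_700_000_000
    # A code typed into the look-alike page and replayed 5 seconds later still verifies.
    code = totp(secret, now)
    # An assertion produced while the browser is on the look-alike page does not.
    relayed = authenticator_assert(key, challenge, LOOKALIKE_ORIGIN)
    genuine = authenticator_assert(key, challenge, REAL_ORIGIN)
    return {
        "relayed_otp_accepted": server_accepts_otp(secret, code, now + 5),
        "relayed_assertion_accepted":
            server_accepts_assertion(key, challenge, relayed, REAL_ORIGIN),
        "genuine_assertion_accepted":
            server_accepts_assertion(key, challenge, genuine, REAL_ORIGIN),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The short validity window of the code does not help here, because the relay happens within seconds; only binding the second factor to the origin changes the outcome.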
Done 🙂 !! This tool also has an interesting feature through which we can get upcoming credentials on our Gmail account.