🔍 Introduction
CamPhish is a social engineering tool used by ethical hackers and penetration testers to demonstrate the risks associated with unauthorized camera access. This article presents CamPhish for educational purposes only — to help cybersecurity students and professionals understand how such attacks are conducted and how to defend against them.
⚠️ Disclaimer
This guide is for educational use only. Unauthorized access to computer systems, webcams, or networks without permission is illegal and unethical. Use this tool in controlled lab environments or with the explicit consent of all parties involved.
🧰 Requirements
- Kali Linux (or any Debian-based distro)
- Stable Internet Connection
- Git installed
🔧 Step 1: Install CamPhish
git clone https://github.com/techchipnet/CamPhish.git
cd CamPhish
bash camphish.sh
🧠 Step 2: Understand How It Works
CamPhish creates a phishing link that, when clicked by a victim, requests camera access via their browser (usually under the pretext of something like "verify your identity"). It uses ngrok or serveo.net to expose local web servers to the internet.
🌐 Step 3: Choose Port Forwarding Option
Once the script launches, you’ll be prompted to select either:
- Ngrok: Recommended for secure and stable tunnel creation.
- Serveo.net: Alternative for SSH-based tunneling.
🔗 Step 4: Share the Phishing Link
After selecting your option, CamPhish will generate a public URL. Share this with your lab test subject (must be informed and consented).
🎥 Step 5: Capture Webcam Snapshots
Once the victim clicks and allows webcam access, CamPhish will begin capturing frames and store them in your project folder under cam_photos/.
🔐 Step 6: Defense Against Such Attacks
- Always check browser permission prompts.
- Use trusted URLs and inspect suspicious links before clicking.
- Install browser security extensions like NoScript or uBlock Origin.
- Educate users about social engineering and phishing risks.
📚 Conclusion
CamPhish highlights how easily social engineering can lead to privacy breaches. By studying tools like CamPhish in ethical settings, cybersecurity learners can better prepare for defending against such attacks in real-world scenarios.