How To Hack Social Media Accounts Using AdvPhishing

AdvPhishing is a phishing tool which allows the user to access accounts on social media even if two-factor authentication is activated. AdvPhishing allows the user to gain the target’s username, password and latest one-time password (OTP) in real-time as the target is logging in. In addition to this the user can use AdvPhishing to obtain the target’s IP address. AdvPhishing is available on both Android and Linux.

Before using AdvPhishing, the user is required to allow the target to access the local server using ‘ngrok’. ngrok will generate a token which the user must import into his local machine. Further details are available at the ngrok website.

After starting AdvPhishing, the user must select the target website from 15 different options. These options include popular websites such as Facebook, Instagram, Netflix and many more. After selecting the website, the tool will automatically download the prerequisite requirements for the website and wait for the ’ngrok’ tunnel to be activated. After the tunnel has been activated, a link will be generated which must be sent to the target. Once the link has been accessed, the target will see a clone version of the website where the target will naturally enter their confidential information and OTP.


In this tutorial we’re going to use a tool AdvPhishing there are so many tools we can use but this one is straight forward and it’s very easy to use, so download the tool from github from this LINK:

    git clone

    cd AdvPhishing/

    chmod 777



When first run the app it’s going to check for requires and then you will see this screen:

Let’s see we are going to hack the victim with Twitter link, chose number 21 and press Enter:

Now the app is using Ngrok and gave us a link to send it to the victim, we can take this link and shorting it with

Now the link looks like something legit right, now all you have to do is send it and wait for that person to porn the link:

The victim enter their credentials and when they click on login we get their credentials back on our terminal:

As we can see the email address and the password that person has entered are showing up very clear.

Of course we could write them an email and send it to them saying that there have been some weird activity on their account and they need to login immediately and change their password, and give them out custom link to press and direct them to that fake page we made with the tool.

The lesson here is never trust a random email or message from unknown source and try not to open any link or attachment from untrusted source, and we trying to login to your social media account use the apps installed on your phone or from the official links if using a laptop.

2 thoughts on “How To Hack Social Media Accounts Using AdvPhishing”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s