Accurately Locate Smartphones using Social Engineering |
Accurately Locate Smartphones using Social Engineering Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog .Seeker Hosts a fake website which asks for Location Permission and if the target allows it, we can get : Longitude Unique ID using Canvas Fingerprinting This tool is a Proof of Concept and is for Educational Purposes Only, Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as Location etc. How is this Different from IP GeoLocation Seeker uses HTML API and gets Location Permission and then grabs Longitude and Latitude using GPS Hardware which is present in the device, so Seeker works best with Smartphones, if the GPS Hardware is not present, such as on a Laptop, Seeker fallbacks to IP Geolocation or it will look for Cached Coordinates. Generally if a user accepts location permsission, Accuracy of the information recieved is accurate to approximately 30 meters Accuracy depends on multiple factors which you may or may not control such as : Device - Won't work on laptops or phones which have broken GPS NearYou Once your template is ready, do not forget to propose it to the community via a PR (pull request) Tested On : Go back |
26-02-2024, 01:41 |