What is SuperLink?
SuperLink is a tool developed by IHosseini083 using PHP and Ngrok to create websites that get user information including:
- Access to Victim’s Camera
- Access victim’s location
- Speed of movement
- Device Information
- Device’s operating system
- Browser Info
- IP address
- URL Redirect
- Get Windows 10 password
1 Sample website templates
- Online camera (for webcam access)
- Mini Music player
- Redirect when users access (for password grabber)
- Smile moon
- Weather forecast (for location data)
Available operating systems:
- Windows 10″
- Pop! os(20.04)
- Kali linux(2021)
This article is for reference only. I will not be responsible for any of your consequences. Please use this tool for research purposes, not to invade other people’s privacy. Thanks.
How to use SuperLink to Hack Webcam
Step 1. Get Ngrok . authtoken
You need to create Ngrok account to get access token authtoken code.
After creating an account, go to https://dashboard.ngrok.com/get-started/setup.
Find the section 2. Connect your account, save your authtoken code.
Step 2. Install and use SuperLink
Using ParrotOS or Kali LInux, open Terminal and execute the following commands:
Or you can download the file here
git clone https://github.com/anonyvietofficial/SuperLink.git
Access the downloaded folder:
Grant permissions for the installation file:
chmod +x linux_installer.sh
Run the installation file:
Open up the tool:
Before doing anything else, go to Ngrok to create an account and get authtoken because the first time they will ask you to enter so that you can create a tunnel with ngrok
I will test Hack webcam and take pictures
Since I want to hack the webcam, I will choose
Here it will ask you to enter your Authtoken ngrok. You go back to ngrok page to get Authtoken and enter here.
After the import is done, wait for it to process. When it’s done, it will look like the image below
Now I will try to go to the link that I just created.
It will catch the user for camera access. Once the user agrees, the image will be immediately transferred to your device
And this is the result after clicking Allow (Results will be saved at Superlink/Webcam-Images)
For you to do the 2nd time, They will ask for your Telegram ID to send the victim’s video in. For those of you who do not have a TeleGram account, you will not receive the victim’s video!
My second note is that this Toolkit should only be used for code research, not for others, otherwise you will be breaking the law.
What do you think about this tool? Leave a comment to let me know where you are having trouble. See also: Exercise: Using ZoomEye Hack Camera with vulnerability CVE-2018-9995 here.