Seeker : Accurately Locate Smartphones Using Social Engineering

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites.

It Hosts a fake website on In Built PHP Server and uses Serveo to generate a link which we will forward to the target, website asks for Location Permission and if the target allows it, we can get :

  • Longitude
  • Latitude
  • Accuracy
  • Altitude – Not always available
  • Direction – Only available if user is moving
  • Speed – Only available if user is moving

Along with Location Information we also get Device Information without any permissions :

  • Operating System
  • Platform
  • Number of CPU Cores
  • Amount of RAM – Approximate Results
  • Screen Resolution
  • GPU information
  • Browser Name and Version
  • Public IP Address
  • IP Address Reconnaissance

This tool is a Proof of Concept and is for Educational Purposes Only, Seeker shows what data a malicious website can gather about you and your devices and why you should not click on random links and allow critical permissions such as Location etc.

Also Read – BurpSuite : Secret Finder Extension To Discover APIkeys/Tokens From HTTP Response

How is this Different from IP GeoLocation?

  • Other tools and services offer IP Geolocation which is NOT accurate at all and does not give location of the target instead it is the approximate location of the ISP.
  • Seeker uses HTML API and gets Location Permission and then grabs Longitude and Latitude using GPS Hardware which is present in the device, so Seeker works best with Smartphones, if the GPS Hardware is not present, such as on a Laptop, Seeker fallbacks to IP Geolocation or it will look for Cached Coordinates.
  • Generally if a user accepts location permsission, Accuracy of the information recieved is accurate to approximately 30 meters, Accuracy Depends on the Device.

Note : On iPhone due to some reason location accuracy is approximately 65 meters.

Templates

You can choose a template which will be used by seeker from these :

  • NearYou
  • Google Drive (Suggested by @Akaal_no_one)

Tested On

  • Kali Linux 2019.2
  • BlackArch Linux
  • Ubuntu 19.04
  • Kali Nethunter
  • Termux
  • Parrot OS

Installation

Kali Linux / Ubuntu / Parrot OS

git clone https://github.com/thewhiteh4t/seeker.git
cd seeker/
chmod 777 install.sh
./install.sh

BlackArch Linux

pacman -S seeker

Docker

docker pull thewhiteh4t/seeker

Termux

git clone https://github.com/thewhiteh4t/seeker.git
cd seeker/
chmod 777 termux_install.sh
./termux_install.sh

Known Problems

  • Services like Serveo and Ngrok are banned in some countries such as Russia etc., so if it’s banned in your country you may not get a URL, if not then first READ CLOSED ISSUES, if your problem is not listed, create a new issue.

Demo

Download
R K

Share
Published by
R K
Tags: SeekerSmartphonesSocial Engineering
5 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago