CamJacking v2.0 β Simulating Real-World Camera Phishing for Security Awareness
CamJacking is an enterprise-grade security awareness training framework built to simulate realistic phishing attacks that abuse webcam permissions. Designed for ethical hackers, red teamers, and security teams, CamJacking helps organizations understand how easily users can be tricked into granting camera access β and how to defend against it.
π― What is CamJacking?
CamJacking creates realistic phishing pages that request camera access under legitimate-looking scenarios (video calls, verification pages, meeting joins, etc). Once permission is granted, the framework captures user behavior and logs activity for security awareness training and red team simulations.
Unlike simple PoC tools, CamJacking v2.0 includes a full Admin Dashboard, campaign management, Telegram alerts, and template automation β making it suitable for enterprise security training programs.
π Key Features in v2.0
- πΈ Camera Phishing Simulation β Realistic camera permission abuse scenarios
- π₯οΈ Admin Dashboard (GUI Panel) β Manage campaigns, view logs, and monitor targets
- π€ Telegram Bot Integration β Receive captured alerts in real time
- π Auto Template Updates β Fetch latest phishing templates automatically
- ποΈ Campaign History & Logs β Track user activity and behavior
- π Public URL Generation β Automatic internet exposure using Cloudflare tunnels
β‘ Step 0: install camjacking tool
npm install camjacking -g
You will be greeted with the interactive CLI main menu:
βββ(Hacker@linux)-[~]
ββ$ camjacking
v2.0
βββββββ ββββββ ββββ ββββ βββ ββββββ ββββββββββ ββββββββββ βββ βββββββ
βββββββββββββββββββββ βββββ ββββββββββββββββββββββ ββββββββββββ βββββββββββ
βββ βββββββββββββββββββ ββββββββββββββ βββββββ βββββββββ ββββββ ββββ
βββ βββββββββββββββββββββ ββββββββββββββ βββββββ ββββββββββββββββ βββ
βββββββββββ ββββββ βββ ββββββββββββββ ββββββββββββββ βββββββββ βββββββββββββββ
ββββββββββ ββββββ βββ ββββββ βββ βββ ββββββββββ βββββββββ βββββ βββββββ
Author: @karthithehacker
Website: karthithehacker.com
Main Menu
βββββββ³βββββββββββββββββββββββββββ
β No. β Option β
β‘βββββββββββββββββββββββββββββββββ©
β 1 β π― Create new Target β
β 2 β π Select Existing Targetβ
β 0 β β Quit β
βββββββ΄βββββββββββββββββββββββββββ
π§ Step 1: Create a New Target
- Select
1 β Create new Target - Enter a target name (e.g.,
Bob)
π¨ Step 2: Select a Template
Choose a phishing template such as Instagram, Google Meet, TikTok, or Telegram:
v2.0
βββββββ ββββββ ββββ ββββ βββ ββββββ ββββββββββ ββββββββββ βββ βββββββ
βββββββββββββββββββββ βββββ ββββββββββββββββββββββ ββββββββββββ βββββββββββ
βββ βββββββββββββββββββ ββββββββββββββ βββββββ βββββββββ ββββββ ββββ
βββ βββββββββββββββββββββ ββββββββββββββ βββββββ ββββββββββββββββ βββ
βββββββββββ ββββββ βββ ββββββββββββββ ββββββββββββββ βββββββββ βββββββββββββββ
ββββββββββ ββββββ βββ ββββββ βββ βββ ββββββββββ βββββββββ βββββ βββββββ
Author: @karthithehacker
Website: karthithehacker.com
Select Template
βββββββ³ββββββββββββββββββββββββ
β No. β Templates β
β‘ββββββββββββββββββββββββββββββ©
β 1 β GoogleMeet β
β 2 β TikTok β
β 3 β Instagram β
β 4 β InstagramCamera β
β 5 β Instagram_VideoCall β
β 6 β TelegramCamera β
βββββββ΄ββββββββββββββββββββββββ
π Step 3: Server Started
Once the template is selected, CamJacking automatically starts the phishing server and generates both local and public URLs:
- π Local URL β For testing on your machine
- π Public URL β Share this link during awareness simulations
- π₯οΈ Admin Panel β Monitor logs and captured data
πΈ Step 4: Capture Logs & Media
When a user opens the target URL, activity is logged automatically:
v2.0
βββββββ ββββββ ββββ ββββ βββ ββββββ ββββββββββ ββββββββββ βββ βββββββ
βββββββββββββββββββββ βββββ ββββββββββββββββββββββ ββββββββββββ βββββββββββ
βββ βββββββββββββββββββ ββββββββββββββ βββββββ βββββββββ ββββββ ββββ
βββ βββββββββββββββββββββ ββββββββββββββ βββββββ ββββββββββββββββ βββ
βββββββββββ ββββββ βββ ββββββββββββββ ββββββββββββββ βββββββββ βββββββββββββββ
ββββββββββ ββββββ βββ ββββββ βββ βββ ββββββββββ βββββββββ βββββ βββββββ
Author: @karthithehacker
Website: karthithehacker.com
[+] User opened url /?uuid=xxxx
[+] IP Address: xxx.xxx.xxx.xxx
[+] User-Agent: Browser Info
[+] Log Timestamp: 2026-02-24T19:44:21Z
[+] Saved file: ~/camjacking-photos/<TARGET-UUID>/image.jpg
All captured images are stored in:
~/camjacking-photos/<TARGET-UUID>/
π Admin Dashboard Monitoring
Access the Admin Dashboard to view logs, targets, and captured media:
π https://cappriciosec.com/camjacking
β Stop the Server
Press x in the terminal at any time to stop the running server.
This will launch the interactive CLI menu where you can create targets, select phishing templates, and start campaigns.
The dashboard allows you to:
- View live activity
- Monitor captured logs
- Manage Telegram Chat ID
- Review campaign history
π€ Configure Telegram Alerts
Connect your Telegram bot to receive real-time alerts whenever a user opens the phishing page or grants camera permissions.
- Open Telegram and search
@CappricioSecuritiesTools_bot - Click Start and get your Chat ID
- Paste the Chat ID inside the Admin Dashboard profile settings
π¨ Custom Phishing Templates
CamJacking automatically clones the official template repository and loads phishing templates dynamically. You can also add your own custom HTML/CSS designs without writing any camera code β the framework injects camera logic for you.
π― Real-World Use Cases
- π¨βπ« Security Awareness Training β Teach employees about camera permission risks
- π§ͺ Red Team Simulations β Measure human-layer attack surface
- π’ Enterprise Phishing Drills β Run controlled phishing campaigns
- π Cybersecurity Training Labs β Hands-on learning for students and professionals
β οΈ Legal & Ethical Disclaimer
CamJacking is strictly intended for authorized security training, educational purposes, and controlled lab environments. Any unauthorized use against real users or systems without explicit permission may be illegal.
π Project Links
GitHub Repository: https://github.com/Cappricio-Securities/camjacking
π§ Final Thoughts
CamJacking v2.0 goes beyond a simple phishing PoC. It is a full-fledged security awareness framework that helps organizations measure human risk, train employees, and improve their overall security posture. If your goal is to simulate real-world social engineering attacks in a controlled, ethical way β CamJacking is built for exactly that.
