Today, we are going to learn how to steal your friend's Android PIN and IPhone passcode using a single link.


It’s easy to steal your friend’s Phone PIN and windows password using a single link. This all can be done by just sending a link to our friend. So today we will talk about a tool called Lockphish. Using this we can steal Android PIN, iPhone Passcode and even windows password of victim.

This tool uses Ngrok server for traffic collection. The aim of Ngrok is to capture the PIN or password and send back to the hacker on private network. Similar to Ngrok, there are many other providers like LocalHost, Serveo, LocalXpose, LocalHostRun which are used by researcher of International Institute of Cyber Security for Lab purpose


  • OS: Kali Linux 2019.3 64 bit
  • Kernel version: 5.2.0


Use the cd command to enter into lockphish directory.

Now, use this command to launch the tool.

  • bash
  • When we launch the tool, we have to enter the redirect phishing link.
  • Then it will download the Ngrok server automatically, start both Ngrok & PHP server and it will provide an HTTPS phishing link.
  • Now, send this URL to the victim or your friend. If victim opens the URL on mobile and click on this link.

Lockphish – Phishing Link

"Avail 50 % Discount with Coupon "HALFOFF" for OSCP prep Course "Practical Hands on Offensive Penetration Testing - Beginner to Advance ".30 Days Money Back Guarantee.

Click Here to Avail the Offer "

Victim will be directed to lock screen page. Where he/she will think that his mobile got locked and he/she will be asked to enter Android PIN, iPhone Passcode and even windows password if opened in Windows machine

If the victim enters the password and clicks on Ok. The Ngrok server collects the PIN or password and send back to hackers’ machine.

  • Here, successfully got the victim’s Phone PIN, it identify the IP address and device details of the victim.
  • In the same way, we can perform for any Phone and windows machine.


Here, we saw on how to steal the victim’s PIN or Password using the single link in less time. You should always beware while opening any unknown URL on your mobile phones and computer.