relateSec
Published in

relateSec

Location

Find Geo Location Of Any User

Nowadays most applications require a location to be enabled on your mobile devices. As the user enables location, the user can see more relevant searches where the user is currently present. Depending on what product or place, the user is searching for. Google gives more nearby results. This helps users to save a lot of time. But giving location access to unnecessary applications or websites could lead cybercriminals to know your location or even gather details where users visit. Due to the current situation around the world, some countries government has mandatory to enable location. It helps to know in which area the virus is spreading more.

Location

Giving location access to unnecessary could even lead to cyberbullying. Many cybersecurity experts have stated that enabling location could put users at risk. Enabling location could put your home or workplace at risk. Because cybercriminals could gather information. And even criminals can rob your home. In our previous article, we have shown how social engineering is the greatest weapon for cybercriminals. There are different types of social engineering attacks that are used by cybercriminals. Gathering the location of their victims is the biggest asset for cybercriminals. Because it reveals much more information about the victim.

Today we came up with another tool written in a shell script. Locator v1.0 is used in social engineering attacks or can be used in network penetration testing. Locator v1.0 generates a URL And that URL contains location access code. As the victim clicks on the URL. It will ask to give malicious location access. As the user gives location. This will send back the longitude, latitude, and google maps location to the attacker.

For testing we have used Kali Linux 2019.3 amd64. Open terminal type git clone https://github.com/thelinuxchoice/locator.git

Type cd locator and then type chmod u+x locator.sh for giving execution permission.

Type locator.sh

Locator Installation And Configuration

Type 01

After typing 01, locaior.sh will create URL containing location access script. Simply send this URL to any person.

Locator_Setup

Open the above link underlined in red or send this link to victim. So for testing we have open link.

Allow Location Access

As we clicked on allow locaiton access. Locator will capture its geo location with google maps link.

For security reasons we have hidden the exact location.

Geo Location

Click on the link marked in above screenshot. The link will directly shows the location of the victim. Link will open in web browser.

Google Maps

Above shows the geolocation of the testing machine. The above method can be used in firms to test for who person is most vulnerable to social engineering attacks. Because opening any such suspicious link could cost the company.

In further research, we will cover more tools related to location access.

Follow Us To Get More Detailed Information:-

Connect With Us on Social Media Platforms:-

https://www.instagram.com/relatesecurity/

https://www.facebook.com/relateSec

https://twitter.com/raghav_usr

https://twitter.com/RelateSec

Connect With Us on Telegram for Regular Updates Regarding Cyber Security:-

https://t.me/relateSec

For any inquiries mail us at: -

osecure.relate@gmail.com

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Raghav Bansal

Raghav Bansal

6 Followers

Articles about Cyber/ Information Security and different topics which can help organizations to secure their network and devices.