I’m still not entirely sure this is the right subreddit to post this in; however, I’m pretty glad to say I built my first pentesting/hacking tool (link here: [https://github.com/bastien8060/MDPin](https://github.com/bastien8060/MDPin)).
Of course it is open-source, and it relies on social engineering to work. Although it is not an exploit, it exploits some browsers’ trust in fullscreen mode (e.g. in-app browsers like Instagram’s/Reddit’s browser, which open links and have the feature to enter fullscreen but do not give any warning to the user when using it).
This program lets you start a server with a backend and a frontend which mimics Android’s login screen as closely as possible. It detects the phone’s brand and loads the brand’s default wallpaper. iOS does not work on purpose and will be greeted with a blank screen. The user will be shown a screen-off animation, then will be shown a lockscreen. They would slide up and enter their PIN. An unlock animation will be shown and the phone will seem to be on [google.com](https://google.com). The backend will collect the PIN code.
Of course this is to be used only for educational purposes. The goal here is to show how people are still affected by/uneducated about social engineering attacks today. (People can’t always be trusted. Google does not ask for card details by email from a foreign email address. Social engineering over phone calls or even posted letters is also a thing, etc…)
Thank you very much for reading this.