Next Level Phishing NoVNC | Bypass 2FA any Social Media


Hi hackers, welcome back to my new blog post. In this post we will learn how hackers use NoVNC in a phishing technique that helps bypass two-factor authentication. Let's see how this works and how hackers log in to your account using NoVNC.


What is NoVNC

NoVNC (Network Virtual Terminal Protocol over VNC) is a web-based implementation of the VNC (Virtual Network Computing) protocol. VNC is a graphical desktop-sharing system that allows you to remotely control another computer's desktop environment. It was originally developed by the RealVNC team in the late 1990s.

With VNC, a "server" component runs on the remote machine, and a "viewer" component runs on the local machine. The server captures the screen display and transmits it to the viewer over the network. The viewer, in turn, sends input from the local user back to the server, allowing remote control of the remote machine.

NoVNC takes this concept a step further by providing a web-based viewer for VNC. It allows users to access VNC sessions directly through a web browser without requiring the installation of any additional software on the local machine. This is especially useful in situations where installing a dedicated VNC client is not feasible or allowed.

The NoVNC viewer is written in JavaScript, and it uses HTML5 canvas and WebSockets to create a functional VNC client that can be embedded in a web page. As a result, you can connect to a VNC server from anywhere with an internet connection and a web browser.

NoVNC supports various authentication methods, making it secure for accessing remote desktops over the internet. It has become a popular choice for web-based VNC solutions and is often used in virtualization environments and web hosting platforms where remote server access is needed.

Disclaimer
The content has been made available for informational and educational purposes only. All practice demos are performed on my own devices or networks. Linuxndroid is not responsible for any type of action.

Step.1: Use NoVNC For Phishing Technique

To use NoVNC we need a cloud VPS, because the VNC server will run there and be accessed from outside the network.

Note: You can use AWS, DigitalOcean, or any free server for this purpose.

Here I am using a Kali Linux 2023 VPS, on which we are going to set up and start NoVNC. First, install the Chromium browser on Kali.

sudo apt install chromium



Step.2: Hide Phishing page inside NoVNC.

After the Chromium browser is installed, download NoVNC from GitHub. Note that this is the official NoVNC repository; the command can be copied and pasted into your terminal.

git clone https://github.com/novnc/noVNC.git



Step.3: Bypass Social Media 2FA using NoVNC

Now start the NoVNC server with the command below. Once you run it, the NoVNC server will start on port 5901. It will also start its server on port 80, which you can access from the browser.

./noVNC/utils/novnc_proxy --vnc 0.0.0.0:5901 --listen 80


Step.4: Access Computer Screen using Browser

After starting the NoVNC server, open a new terminal and run the command below. It opens a website in your browser. The website can be any site: gmail.com, Facebook, or whatever you want.

chromium --no-sandbox --app=https://gmail.com --kiosk


Step.5: No Phishing URL is blocked

Now your computer or VPS can be accessed from any browser. Open the URL below in a browser, and the result is gmail.com open in front of us, the same site we typed in the terminal session.

http://YourIP/vnc.html?autoconnect=true&password=VNCPASS


Now if anyone logs in inside this opened window, the login actually happens on the VPS machine where this server was started, and in a way this is the whole original website. This is not a phishing website, but it is being accessed through NoVNC, so all your credentials are being saved on the hacker's VPS. You are typing in this browser, but there is a complete operating system behind it.
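From the defender's side, the link format shown above is the most visible artifact of this technique. The following is an added example, not code from the original post or from the noVNC project: it scores URLs in a web proxy log for the vnc.html page combined with autoconnect=true and a password in the query string. The log format, sample lines, weights and threshold are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy log, format assumed: "<time> <client> <method> <url>"
SAMPLE_LOG = """\
2024-01-10T09:12:01Z 10.0.4.17 GET http://203.0.113.50/vnc.html?autoconnect=true&password=VNCPASS
2024-01-10T09:12:05Z 10.0.4.17 GET https://mail.example.com/inbox
2024-01-10T09:13:40Z 10.0.4.22 GET https://kvm.corp.example/vnc.html
2024-01-10T09:15:02Z 10.0.4.31 GET http://login.example.net/vnc.html?password=x&autoconnect=true
"""


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def score_url(url):
    """Return (score, reasons); score 0 means the URL is not a noVNC viewer page."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/vnc.html"):
        return 0, []
    query = parse_qs(parts.query, keep_blank_values=True)
    score, reasons = 1, ["noVNC viewer page"]  # legitimate on its own, low weight
    if query.get("autoconnect", [""])[0].lower() == "true":
        score, reasons = score + 2, reasons + ["session auto-connects on load"]
    if "password" in query:
        score, reasons = score + 2, reasons + ["VNC password embedded in link"]
    if is_ip_literal(parts.hostname or ""):
        score, reasons = score + 1, reasons + ["host is a bare IP address"]
    if parts.scheme == "http":
        score, reasons = score + 1, reasons + ["plain HTTP"]
    return score, reasons


def find_suspicious(log_text, threshold=5):
    """Return (client, url, score, reasons) for log lines scoring >= threshold."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=3)
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        score, reasons = score_url(fields[3])
        if score >= threshold:
            hits.append((fields[1], fields[3], score, reasons))
    return hits


if __name__ == "__main__":
    for client, url, score, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{client} score={score} {url} :: {'; '.join(reasons)}")
```

A bare vnc.html request, as in the third sample line, stays below the threshold because noVNC is also used for legitimate remote access.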




Original idea by @mrd0x: https://mrd0x.com/bypass-2fa-using-novnc

Conclusion

This post shows how a hacker can create a phishing environment using NoVNC, and how a whole phishing page can be hosted behind a NoVNC server. It is not a big deal to bypass 2FA on social media accounts. I hope you liked this post and enjoyed it. I will see you in the next post. Thanks, keep learning :)

