Skip to content
Grab target's webcam shots by link
Branch: master
Clone or download
Latest commit b54aa50 Apr 29, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Apr 28, 2019
README.md Update README.md Apr 29, 2019
ip.php Add files via upload Apr 28, 2019
post.php Add files via upload Apr 28, 2019
saycheese.html Add files via upload Apr 28, 2019
saycheese.sh Add files via upload Apr 28, 2019
template.php Add files via upload Apr 28, 2019

README.md

SayCheese v1.0

Take webcam shots from target just sending a malicious link

cheese

How it works?

The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia.

The MediaDevices.getUserMedia() method prompts the user for permission to use a media input which produces a MediaStream with tracks containing the requested types of media. That stream can include, for example, a video track (produced by either a hardware or virtual video source such as a camera, video recording device, screen sharing service, and so forth), an audio track (similarly, produced by a physical or virtual audio source like a microphone, A/D converter, or the like), and possibly other track types.

See more about MediaDEvices.getUserMedia() here

To convince the target to grant permissions to access the cam, the page uses a javascript code made by https://github.com/wybiral that turns the favicon into a cam stream.

Installing (Kali Linux/Termux):

git clone https://github.com/thelinuxchoice/saycheese
cd saycheese
bash saycheese.sh
You can’t perform that action at this time.