A lot of people probably want to know whether it is really possible to integrate a phishing site with the original site (database). The truth is "YES", and you can easily do this. (*Please note, this is not a tutorial.)
I made an "integrated phishing site" for Crossfire, and here you will see that "security is just an illusion" really.
IMPORTANT!
Create a dummy account before trying the demo; this thread is not intended to hack any accounts. This is just an informative thread for all of us.
So how did I integrate the phishing site? It's easy.
Flowchart:
Login -> "CF login endpoint" -> Process -> "CF response" -> Parse -> Save account or not
Because gameclub uses "ajax" for their login forms, I used that endpoint to send login requests remotely from the phishing site. The request headers are spoofed, so gameclub thinks the request is still coming from their own site. And that's it: when their endpoint returns "success", the user gets logged in to the main gameclub site and the account details get saved; when the response is "failed", just show an alert message and don't save. The design of the phishing site isn't finished because I never really planned to finish it; I only made the site for this thread.
To those who will ask for the source code, sorry, I won't release it for public usage. There are a lot of stupid abusers in the Philippines, sorry haha
If you have questions, just reply to this thread.
Hit like if you learned something.
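A defender's view of the flow described in the post, as an added example that is not part of the original post or the poster's code: because the relay forges its request headers, the login endpoint cannot rely on them, but a relay that sends logins from its own server shows up as one source IP trying many distinct accounts in a short time. The log format, sample lines, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login-endpoint log: timestamp, source IP, account, result.
# IPs are documentation ranges and account names are made up.
SAMPLE_LOG = """\
2024-01-01T10:00:05 198.51.100.7 alice failed
2024-01-01T10:00:20 198.51.100.7 alice success
2024-01-01T10:01:00 203.0.113.50 bob success
2024-01-01T10:02:10 203.0.113.50 carol failed
2024-01-01T10:03:30 203.0.113.50 dave success
2024-01-01T10:05:00 203.0.113.50 erin success
2024-01-01T09:00:00 192.0.2.10 frank success
2024-01-01T10:30:00 192.0.2.10 grace success
2024-01-01T12:00:00 192.0.2.10 heidi success
2024-01-01T13:30:00 192.0.2.10 ivan success
"""


def parse(log):
    """Yield (timestamp, ip, account, result) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account, result


def relay_suspects(log, window=timedelta(minutes=10), max_accounts=3):
    """Return {ip: accounts} for IPs that tried more than max_accounts
    distinct accounts inside any sliding window of the given length.
    Failed attempts count too: the relay forwards whatever victims type."""
    by_ip = defaultdict(list)
    for ts, ip, account, _result in parse(log):
        by_ip[ip].append((ts, account))
    suspects = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) > max_accounts:
                suspects[ip] = sorted(accounts)
                break
    return suspects


if __name__ == "__main__":
    print(relay_suspects(SAMPLE_LOG))
```

Shared addresses such as internet cafes or carrier NAT also produce many accounts per IP, so the window and threshold need tuning against normal traffic before a hit is used to challenge or block logins.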