- Joined
- Aug 19, 2023
- Messages
- 909
- Reaction score
- 23,828
- Points
- 93
- Thread Author
- #1
Hello Community ! In this tutorial you are going LEARN how to create a PHISHING page and make it look like any website you want to target!
1Download the HTML Index of the Target WebpageTo start off, you need to obtain the HTML index of the page. There are various methods of doing this, there are even templates online for popular sites. In this tutorial, I am going to use the most basic way in order to be as noob-friendly as possible.
Navigate to Your WebpageIn this tutorial, I am going to phish Facebook.
PICTURE : 1 — Postimages
View the Source of the Webpage.Depending on your browser, there may be different methods. Normally it is done by right clicking the site and clicking "View Source". I have done that on my browser and a windows should come out similar to this:
Picture : 2 — Postimages
On the box to the right is the source of the website. Which leads on to the next step:
Downloading and Saving the Source CodeSelect the box, and copy-paste everything in the box to a txt document. Use Notepad on windows, and a simple text editing program if you are not using windows. (Don't use programs like Word or Pages because it is really slow). After you have done that, click "Save As" or whatever option that allows you to save that document. On Notepad it should look like this:
Picture: 3 — Postimages
Change "Save as type" to All Files and change the encoding to Unicode.
After that, name the document "index.html", obviously without the speech marks.
PICTURE: 4 — Postimages
Congratulations! You have finished the first step of the tutorial!
Step 2Creating a PHP File for Password HarvestingThe PHP file is basically the tool that harvests the users password in this scenario. There are several ways you can create this PHP if you have some programming knowledge, but if you don't, just copy my exemplar PHP.
Same as above, save the PHP file as "All Files" and as "post.php". Change the encoding to Unicode and you should be ready to go!
PHP code: https://ghostbin.com/YzwXO
Step 3Modify the Page HTML File to Incorporate Your PHP File in It.Now, we need to incorporate our PHP file, to receive passwords that the users send.
Find the Password-Sending MethodFirst, you need to see how the website deals when the user submits a username-password.
For Facebook, all you need to do is to Ctrl-F and type "=action" in the field.
PICTURE : 5 — Postimages
Now, you need to replace everything in the underlined portion with "post.php", keep the speech marks. (just one set please).
Obviously, this method will be different for other websites. A good method to find it is by using Inspect Elements tool in most modern browsers and clicking on the login button. Find something similar to the above method.
Please note: You will need to change this later when you actually host the website.
Step 4Hosting the PHP File for Password StoringNow here is the juicy part, making your fake website online so other people can browse it.
You can use any free hosting services to host and store passwords. However, the hosting plan has to include something called "FTP". For this tutorial, I will be using 000webhost.
Navigate to the FTP Server for Your Web Hosting ServiceFor this step, I assume that you have already created a website with your hosting service.
For 000webhost, you simply click on "File manager" and click "Upload Files". Here is a picture of the FTP server for 000webhost:
PICTURE : 6 — Postimages
Ignore the other files, those are just some of my personal stuff, unrelated to this tutorial.
Upload Your PHP Files and Change PermissionAs you can see, I have already uploaded my PHP file. But you need to just upload it to the main folder of your FTP server. (Some FTP server doesn't allow you to upload to the root folder, just follow their particular instructions).
Now you need to change the permission to "777", which is basically every single permission. When prompted to tick boxes for the permissions, just tick every single one.
Now you can close the FTP server. Note down your web address!
Step 5Hosting the Actual Phishing PageFor this step, you will need to use the exact hosting provider that I use, otherwise you will get banned.
There is a reason why I don't use the same hosting provider for my actual page, and that is because most hosting providers will employ some kind of scanning to detect phishing pages. I can tried multiple hosting services in the past and all of them banned me within 30 mins of uploading the index file.
Configuring the post.php ForumNow, before you host the website, remember the post.php/login form thing we configured above?
You need to find the login form thing again in your index.html and replace the "post.php" with "http://yourwebsiteforyourpostphpupload/post.php", assuming that you uploaded to the root folder. Remember to add http:// in front of the site. In order to test this, navigate to the website (http://yourwebsiteforyourpostphpupload/post.php) and see if it redirects you to Facebook.com, if it does then you have pasted the correct site. If it doesn't, then double check if you have uploaded your file to the correct directory.
Hosting the Actual PageNavigate to htmlpasta.com. You will see something similar to this:
PICTURE : 7 — Postimages
Then, you need to copy the index.html file for your phishing site and paste it in here.
PICTURE : 8 — Postimages
Now, click on the reCAPTCHA and click paste, you will get a link for your website.
Step 6Congratulations!Congrats! You have finished hosting your first phishing site! Navigate to your site and try to enter some fake login details, after you click the login button, it should redirect you to facebook.com. Login to your FTP server that you hosted your post.php file, and there should be a new document called Log.txt that is stored within the same folder as your post.php file. Any login details should be stored there.
1Download the HTML Index of the Target WebpageTo start off, you need to obtain the HTML index of the page. There are various methods of doing this, there are even templates online for popular sites. In this tutorial, I am going to use the most basic way in order to be as noob-friendly as possible.
Navigate to Your WebpageIn this tutorial, I am going to phish Facebook.
PICTURE : 1 — Postimages
View the Source of the Webpage.Depending on your browser, there may be different methods. Normally it is done by right clicking the site and clicking "View Source". I have done that on my browser and a windows should come out similar to this:
Picture : 2 — Postimages
On the box to the right is the source of the website. Which leads on to the next step:
Downloading and Saving the Source CodeSelect the box, and copy-paste everything in the box to a txt document. Use Notepad on windows, and a simple text editing program if you are not using windows. (Don't use programs like Word or Pages because it is really slow). After you have done that, click "Save As" or whatever option that allows you to save that document. On Notepad it should look like this:
Picture: 3 — Postimages
Change "Save as type" to All Files and change the encoding to Unicode.
After that, name the document "index.html", obviously without the speech marks.
PICTURE: 4 — Postimages
Congratulations! You have finished the first step of the tutorial!
Step 2Creating a PHP File for Password HarvestingThe PHP file is basically the tool that harvests the users password in this scenario. There are several ways you can create this PHP if you have some programming knowledge, but if you don't, just copy my exemplar PHP.
Same as above, save the PHP file as "All Files" and as "post.php". Change the encoding to Unicode and you should be ready to go!
PHP code: https://ghostbin.com/YzwXO
Step 3Modify the Page HTML File to Incorporate Your PHP File in It.Now, we need to incorporate our PHP file, to receive passwords that the users send.
Find the Password-Sending MethodFirst, you need to see how the website deals when the user submits a username-password.
For Facebook, all you need to do is to Ctrl-F and type "=action" in the field.
PICTURE : 5 — Postimages
Now, you need to replace everything in the underlined portion with "post.php", keep the speech marks. (just one set please).
Obviously, this method will be different for other websites. A good method to find it is by using Inspect Elements tool in most modern browsers and clicking on the login button. Find something similar to the above method.
Please note: You will need to change this later when you actually host the website.
Step 4Hosting the PHP File for Password StoringNow here is the juicy part, making your fake website online so other people can browse it.
You can use any free hosting services to host and store passwords. However, the hosting plan has to include something called "FTP". For this tutorial, I will be using 000webhost.
Navigate to the FTP Server for Your Web Hosting ServiceFor this step, I assume that you have already created a website with your hosting service.
For 000webhost, you simply click on "File manager" and click "Upload Files". Here is a picture of the FTP server for 000webhost:
PICTURE : 6 — Postimages
Ignore the other files, those are just some of my personal stuff, unrelated to this tutorial.
Upload Your PHP Files and Change PermissionAs you can see, I have already uploaded my PHP file. But you need to just upload it to the main folder of your FTP server. (Some FTP server doesn't allow you to upload to the root folder, just follow their particular instructions).
Now you need to change the permission to "777", which is basically every single permission. When prompted to tick boxes for the permissions, just tick every single one.
Now you can close the FTP server. Note down your web address!
Step 5Hosting the Actual Phishing PageFor this step, you will need to use the exact hosting provider that I use, otherwise you will get banned.
There is a reason why I don't use the same hosting provider for my actual page, and that is because most hosting providers will employ some kind of scanning to detect phishing pages. I can tried multiple hosting services in the past and all of them banned me within 30 mins of uploading the index file.
Configuring the post.php ForumNow, before you host the website, remember the post.php/login form thing we configured above?
You need to find the login form thing again in your index.html and replace the "post.php" with "http://yourwebsiteforyourpostphpupload/post.php", assuming that you uploaded to the root folder. Remember to add http:// in front of the site. In order to test this, navigate to the website (http://yourwebsiteforyourpostphpupload/post.php) and see if it redirects you to Facebook.com, if it does then you have pasted the correct site. If it doesn't, then double check if you have uploaded your file to the correct directory.
Hosting the Actual PageNavigate to htmlpasta.com. You will see something similar to this:
PICTURE : 7 — Postimages
Then, you need to copy the index.html file for your phishing site and paste it in here.
PICTURE : 8 — Postimages
Now, click on the reCAPTCHA and click paste, you will get a link for your website.
Step 6Congratulations!Congrats! You have finished hosting your first phishing site! Navigate to your site and try to enter some fake login details, after you click the login button, it should redirect you to facebook.com. Login to your FTP server that you hosted your post.php file, and there should be a new document called Log.txt that is stored within the same folder as your post.php file. Any login details should be stored there.
