Phishing (using a fake login page)

"Phishing" is a form of social engineering, roughly equivalent to "fishing": in fishing, the fish are fooled and trapped in a net; in the same way, in phishing the user is fooled with a fake login page, falls into the hacker's trap and ends up giving away important data such as credit card numbers, email passwords and details of online money transactions. Nowadays this method of hacking is very common because of its 70-80% success rate. It falls short by 30-20% because its success depends entirely on the user making the mistake of logging in to the fake page. Even when server authentication is in use, it may take tremendous skill to detect that the website is fake. As mentioned above, the name is related to "fishing", but the spelling is a variant influenced by "phreaking".
Now I am going to describe the complete procedure used to carry out this attack. Before doing that, I would like to mention that it is very useful in "Social Networking". This is an effort to make users aware of this kind of threat when they are working online, so that they stay safe, rather than an invitation to try it on others. (Disclaimer)

1. To carry it out we need three things: Fake.html, login.php and Password.txt.

2. To make Fake.html, right-click on the original page, click "View Source", copy the source (Ctrl+C), paste it into a text file in Notepad and save it with the .html extension.

3. Now open Fake.html in WordPad or Notepad and search (Ctrl+F) for "action=". Edit the original value and assign login.php, i.e. action="login.php" and method="GET".

4. Now that Fake.html is done, we move on to login.php; to make it we need the code given below.






Note: header('Location: http://www.original-site.com') in the above code redirects the victim to the site given there, so the original site is to be assigned.

5. Now open an account with a free web host that has PHP enabled and offers File Transfer Protocol (FTP) access, for example www.t35.com

6. Now upload the two files above, i.e. Fake.html and login.php, to the web account. The hacker then sends a link that looks like http://www.your-accnt.t35.com/fake.html

7. When the victim logs in through that link, the username and password are stored in the file mentioned in step 1, which is created automatically in the web account; it can then be opened to see the password.

Because the method above requires a lot of editing and code writing, a free tool called Super Phisher v1.0 comes in very handy for the work performed in steps 2, 3 and 4. It is freeware, so it is available through any search engine.


Declaration: The author will not be held responsible for any illegal use of this article. It is only meant to make users aware of the threats they are exposed to.


12 comments:

Anonymous said...

really a gud tut in an easy way....thnx dude :)

Satyajit Das(Author) on June 27, 2010 at 6:04 PM said...

keep visiting for new interesting posts.....do give some details abt u so i can track u back....

Terry on August 27, 2010 at 8:15 PM said...

thumbs up dude ;)

Satyajit (Admins,a.k.a Satosys) said...

@Terry Thnx....keep visiting... :)

Terry on August 30, 2010 at 1:54 AM said...

yeah! Sure learnin damn much from here ;)

Anonymous said...

OK, now the tabs are working but when I type in the user and pass I get this ...

Parse error: syntax error, unexpected '<' in /home/freehost/t35.com/a/n/antoplant/login.php on line 1

Dhiraj on January 4, 2011 at 4:32 PM said...

This is not working for me,there is some php error which comes into force and the password is also not being saved.....

Satyajit (Admins,a.k.a Satosys) said...

@Dhiraj may be the error is there on your end check all your steps again....I used the same code here also

http://www.securityhunk.com/2010/09/how-to-hack-facebook-account-tabnabbing.html

do check it.. :)

Thanks for visiting.. :)

Anonymous said...

Do you use tabnabbing/tabjacking to steal Facebook passwords, or do you use phishing?
Thanks

Anonymous said...

hi. my name is ritu....n m beginner in hacking....how can i knw more about hacking....i want to make my career in hacking plz suggest me....

Anonymous said...

hey this is anamika i need to know how to make password.txt file

ankan on July 31, 2013 at 2:16 AM said...

Hi, my name is ankan and i am very loose in computer.. please understood me the 4-6 stage easily...


 
© 2013 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates