01-30-2020, 06:04 PM
Download the HTML Index of the Target Webpage
Navigate to Your Webpage
View the Source of the Webpage.
right clicking the site and clicking "View Source".
Downloading and Saving the Source Code
Select the box, and copy-paste everything in the box to a txt document. Use Notepad on windows, and a simple text editing program if you are not using windows.
Change "Save as type" to All Files and change the encoding to Unicode.
After that, name the document "index.html", obviously without the speech marks.
Creating a PHP File for Password Harvesting
just copy this exemplar PHP.
Save the PHP file as "All Files" and as "post.php". Change the encoding to Unicode.
Modify the Page HTML File to Incorporate Your PHP File in It.
Now, we need to incorporate our PHP file, to receive passwords that the users send.
Find the Password-Sending Method
First, you need to see how the website deals when the user submits a username-password.
For Facebook, all you need to do is to Ctrl-F and type "=action" in the field.
Now, you need to replace everything in the underlined portion with "post.php", keep the speech marks.
Please note: You will need to change this later when you actually host the website.
Hosting the PHP File for Password Storing
I suggest 000webhost.
Navigate to the FTP Server
For this step, I assume that you have already created a website with your hosting service.
you simply click on "File manager" and click "Upload Files". Here is a picture of the FTP server for 000webhost:
Upload Your PHP Files and Change Permission
As you can see, I have already uploaded my PHP file. But you need to just upload it to the main folder of your FTP server.
Now you need to change the permission to "777", which is basically every single permission. When prompted to tick boxes for the permissions, just tick every single one.
Now you can close the FTP server.
Configuring the post.php Forum
Now, before you host the website, remember the post.php/login form thing we configured above?
You need to find the login form thing again in your index.html and replace the "post.php" with "http://yourwebsite/post.php", assuming that you uploaded to the root folder. Remember to add http:// in front of the site. In order to test this, navigate to the website (http://yourwebsite/post.php) and see if it redirects you to Facebook.com, if it does then you have pasted the correct site. If it doesn't, then double check if you have uploaded your file to the correct directory.
Hosting the Actual Page
Navigate to htmlpasta.com. You will see something similar to this:
Then, you need to copy the index.html file for your phishing site and paste it in here.
Now, click on the reCAPTCHA and click paste, you will get a link for your website.
You have finished hosting your first phishing site! Navigate to your site and try to enter some fake login details, after you click the login button, it should redirect you to facebook.com. Login to your FTP server that you hosted your post.php file, and there should be a new document called Log.txt that is stored within the same folder as your post.php file. Any login details should be stored there.
Remember, please do not use this for malicious purpose,
Wanna be a moderator? Click here to apply