Sunday 1 January 2012

Phishing page in 8 Easy steps

You must have come across many fake login pages / scamming pages which are often used to hack IDs. Phishing is the most easiest and the most "unethical way of hacking".

Yes that is right phishing is not something great which only a few can do, that is why it makes it unethical. But whatever it might be "hacking is hacking" and there is obviously a need to know more on this type of exploitation.

Before we go into the details let us first see what phishing is all about.

What is Phishing ?

Phishing is a way of deceiving your victim by making him login through one of your webpages which is a clone of the original one. By doing so the fake webpage will log his E-mail ID and password. After that he will automatically be redirected to the original webpage making him unsuspicious of what just happened. This is used for criminal activities for stealing Credits Cards and So. And that is the exact reason why i DO NOT want you to use this for fraud.

Note: Use this only for educational purposes and not to cause any damage to any person in any way.

First of all you have to get a phishing page.

some example phishing pages are:
1. Facebook Phishing Page
2. Gmail Phishing Page

Installation / Setting up your Fake login Script (Phishing page)

1. After having the phishing pages put the files into a directory.

2. Before we get started you should first make a free web hosting account for you to upload your files. I would prefer any one of these. 


3. After registering login to your file manager of you respective hosting and upload all the files of the folder which contains the document.

4. Once you have uploaded the files you have to change the permission (CHMOD) of each file to "700". Select all the file and change the permissions as shown in the pictures below.

5. So by now you should have uploaded the file & also CHMOD the files (Changed Permissions of the file) .

6. Now is the time to test. Go the site for example.


After you go there you will find that it is the exact clone of the original one.

7. Just enter some E-mail ID and password in order to check if it working,now it should redirect you to "www.your-domain.com", if this is happening it is a success !

8. Now go to your file manager again and refresh the page,you'll find that a new file will be created for ex. pass-log.txt in your file manager to view the passwords, go to

http:// your-domain.com /pass-log.txt

There you will find the list of passwords which have been entered on yoursite. So now your ready to pull a prank on your friends !

How to change the redirection URL ?

By default the redirection URL in all my phishing pages is "www.your-domain.com". You can just change it by modifying the "login.php" file   header ('Location: http://your-domain.com');   of the phishing page using Notepad.

Disclaimer: DO NOT use this for fraudulent activities use this just to gain knowledge and not to cause harm to other people in any sort.


Post a Comment