How to hack Facebook Account via Phishing: Detailed Guide.
“Whoever, fraudulently or
dishonestly makes use of the electronic signature, password or any
other unique identification feature of any other person, shall be
punished with imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may extend
to rupees one lakh.”
Information Technology Act 2008
Yes, that’s what the law says about identity theft. Then why make this tutorial? Well, let me make this very clear that this is only for educative purposes and I will not be held responsible for any action coming out of this article. To take a line from the movie Mission Impossible – 2: “to create bellerophon we always create chimera.” I hope this article will be more helpful than the other articles available about phishing on the internet.
What is phishing? Phishing is the act of presenting a fake page resembling the original webpage you intend to visit, with the sole intention of stealing your credentials. Although this article explains how to hack a Facebook account via phishing, this method can be used to phish any website. Phishing is the most popular method of hacking a Facebook account. So now let’s phish.
In your browser, open the Facebook website. Right-click on the webpage and click on “view page source”.
The source of the page is displayed in the browser. Right-click on the page and click on “Save As”. Save the page as “index.html” on your computer.
Now open index.html using Notepad and hit “CTRL+F”. In the Find box that opens, type “action” and click on “Find Next”. Look at the value of action.
Now change the value of action to “phish.php”. We are doing this so when the user enters his credentials the page that loads will be “phish.php” and not the page Facebook wants.
Now let’s create the page phish.php. Open Notepad and type the following script into it and save it as “phish.php”. What this script does is log the user credentials and save them to a file named “pass.txt”.
Now our files are ready. The next step is to upload these files to any free web hosting site available on the internet. Google for free web hosting sites, select any one of them (I selected bytehost7), create an account with a username as close to Facebook as possible, and delete the index.html file available in the htdocs folder. Then, using Online File Management, upload your own index.html and phish.php files to the htdocs folder. Your htdocs folder will look like below.
Let’s check if our phishing page is ready
by typing the address of our site. If the page is like below, then our
phishing page is working.
The next thing we have to do is to send the address of our fake website to the victim. We will do this by sending him an email, but in order for the victim not to smell something fishy, we will obfuscate the URL of the fake page we are about to send him. The sending email address should be as convincingly close to Facebook as possible.
When the victim clicks on the obfuscated URL, it will bring him to our fake site.
If the victim is not cautious enough to observe the URL and enters his username and password, our attempt is a success. To show this, I will enter random values in both the username field and the password field and hit Enter.
Now a txt file with the name pass.txt will be created in the htdocs folder containing both the username and the password.
Click on the file. We can see both the email and the password I have entered. The email is “don’t get hacked” and the password is “like me”.
Counter Point:
If you don’t want to fall victim to phishing, you can take a few precautions. If you want to open a site, type the address directly into the address bar and don’t open any redirected links. Don’t click on any emails which look malicious, such as those asking for your login credentials.
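The precautions above come down to checking where a login page really sends what you type. As an added example (not part of the original article), this check flags any password form whose submit target is not an HTTPS URL on a trusted host; the function names, sample markup and the example.test host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAudit(HTMLParser):
    """Record the action attribute of each <form> that holds a password input."""

    def __init__(self):
        super().__init__()
        self._action = None          # action of the currently open form, if any
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action = attrs.get("action") or ""
        elif tag == "input" and self._action is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.password_form_actions.append(self._action)
                self._action = None  # record each form only once

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def suspicious_login_forms(html, page_url, trusted_hosts):
    """Return resolved submit targets that are not HTTPS on a trusted host."""
    audit = LoginFormAudit()
    audit.feed(html)
    findings = []
    for action in audit.password_form_actions:
        # An empty or relative action posts back to wherever the page was served from.
        target = urljoin(page_url, action)
        parts = urlsplit(target)
        if parts.scheme != "https" or parts.hostname not in trusted_hosts:
            findings.append(target)
    return findings


# Constructed samples: a genuine-style form and a saved copy with its action changed.
FIELDS = '<input type="text" name="email"><input type="password" name="pass">'
GENUINE = '<form action="https://www.facebook.com/login.php" method="post">' + FIELDS + '</form>'
CLONE = '<form action="phish.php" method="post">' + FIELDS + '</form>'
TRUSTED = {"www.facebook.com"}

if __name__ == "__main__":
    print(suspicious_login_forms(CLONE, "http://clone-host.example.test/index.html", TRUSTED))
```

The same comparison is what a mail gateway or browser extension performs when it warns about a login form, and it is why reading the address bar before typing a password works as a manual check.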