Yes, that’s what Law in India says about identity theft. Well, now Let me make this very clear that this is only for education purposes and I will not be held responsible for any action coming out of this post. To take a line from the movie like Mission Impossible 2  to create bellerophon we always create chimera.” I hope this post will be more helpful and creative than the other post available about phishing on the internet.

What is phishing? Phishing is an act of presenting a fake page resembling the original webpage you intend to visit with the sole intention of stealing your credentials (username and password). Although this post explains how to hack facebook account via phishing technique, this phishing method can be used to phish any website.to become people try to fool someting to be define real and trusted thing to be scam via Phishing is the most popular method of hacking a facebook account. So now let’s phish.

 

Hey Yup In your browser, open website of facebook.First Just Right click on the webpage, click on view page source.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The source of the page is displayed in the browser. Right click on the page and click on Save As. Save the page as index.html file name using on your PC

.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Now open index.html using notepad and hit CTRL+F.In the Find box opened, type action and  click on Find Next. Look at the value of action on source code.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Now change the value of action to phish.php. now we are doing this so when the user enters his credentials(username and password) the page that loads will bephish.php and not the page Facebook wants something happen background.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Now let’s create the page phish.php. Open Notepad and type the following script into it and save it as “phish.php” quickly. What this script does is it logs the user credentials and saves it to a file named pass.txt have you done it.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Now our files are ready.Next step is to upload these files to any free web hosting site available on the internet search. Google for free web hosting sites, select any one of them(I jsut selected bytehost7), create an account with username as close to Facebook as possible and delete the index.html file available in the click htdocs folder.Then using Online File Management folder click and upload your own index.html and phish.php files to the htdocs folder quickly. now your htdocs folder will be look like below Just see using your red eyes

 

 

 

 

 

 

 

 

 

 

 

 

 Let’s check if our creatable phishing page is ready by typing the address of our site. If the page is like below then our phishing page is working perfectly.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The next thing we have to do is to send address of our fake website to the victim carefully with smartness. We will do this through sending him an email but in order for the victim not to smell something fishy or something wrong, we will obfuscate the url of the fake page we are about to send him its look like real thing. The sending email address should be as convincingly close to facebook as possible.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

When the victim clicks on the legtimate url, it will bring him to our fake site owch.

 

If the victim is not cautious enough as to observing the url and enters  his username and password, our attempt is a successfully to achieve our goal. To show this, I will enter random values in both username field and password field and hit Enter Just example.

 

Now a txt file with name pass.txt will be created in the htdocs folder quickly and containing both the username and the password.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Click on the file slowly and see magic. We can see both the email and the password i have entered. The email is “don’t get hacked” and the password is “like me”. so thats call phishing its really working and lots of people today use but we are security analyst we are not any suspicous thing do because if you learn hack first hack your self we are not hacker we are security analyst or ethical hacker.

 

Cyber Defence Key Point:

If you don’t want to fall victim to phishing, you can take a few precautions . If you want to open a site type the address directly in the url easily and don’t open any redirected links. Don’t click on any mails which look malicious like asking for your login information or personal information its do harmful by hackers.