Phishing is the process of stealing sensitive information (silently), such as usernames, passwords, and bank information, by pretending to be someone you’re not. I have already explained it in detail in FACEBOOK phishing.
This step by step guide will show you how you can make your own Gmail Phishing (Fake) page easily...have fun!
Files we will be creating:
1. phishing.php
2. index.html
3. password.txt
Refer the end of the post first!
Step 1: Creating phishing.php file
First
of all we need a PHP script which will collect all the form data. Copy
the following code in a text editor (notepad) and save it as phishing.php
Step 2 : Creating index.html page
Goto Gmail.com (without logging in) , Right click anywhere in the browser and choose view page source. Open the source code in a text editor (notepad).
Step 3: Now a new window will pop-up where you can see all the HTML code. We need to look for word action. Press CRTL+F and search for action. You will find two action in the code so choose the right one by looking up the following screen-shot (ie, with form id="gaia_loginform"). Replace the link after action between the "..... " with phishing.php (as in the screen-shot)and save this page as index.html (not index.html.txt!!!).
Step 4: Creating text file (password.txt)
Now make a new empty text file and name it password.txt
Now you have all the three files required
Step 5: Final step
Upload
all the 3 files in file manager of your web hosting. If you don't
have your own web hosting at present, search for a free web hosing
site which gives PHP access. I prefer www.2freehosting.com .
Sign up for a free web hosting plan on this site. Goto file manager and Upload all the 3 files and save it.
Once
everything is up and ready to go, go to the link your host provided
you for your website and you should see the Gmail page replica. Type in
a username/password and click Sign in. This should have redirected you
to the real Gmail page.
Now whoever will try to login for Gmail through your Fake page, his/her Username and Password will be automatically saved in Password.txt
file as plain text which you can view easily. Also the the victim
won't have a hint that he/she has been hacked since, he/she will be
redirected to the original Gmail page and will get a feel as if he/she
entered a wrong password by mistake.
No comments:
Post a Comment