Posted by Hacking-Tutorial.com in Hacking Tutorial | 165 comments
Type : Tutorial
Phishing is when someone tries to get access to your Facebook account by sending you a suspicious message or link that asks for your personal information. If they get into your account, they may use your account to send spam. We are going to take Facebook phishing page as an example. Go to Facebook.com, make sure you are not logged in to Facebook. Press Ctrl U to view the source code. Copy the source code and paste it in a notepad. Weeman is a simple but effective python tool for phishing, with this tool you can easily do phishing on any website, you can do phishing on Facebook to hack facebook accounts, let me tell you how to use weeman in termux This tool can be used to do phishing on various websites like Gmail, Twitter etc, Okay cool, now let's go to the tutorial point.
Level : Medium – Hard
After wrote some tutorials about hacking facebook :
There's some readers ask about phishing technique. This tutorial continued from my last tutorial about 'Hacking Facebook Password Account' in phishing section.
What is phishing?
According to Wikipedia :
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
To make it simple, let's say that facebook phishing is a way to make and create fake facebook website according to the real website for negative purpose, such as : stealing credentials, data, etc.
Okay…to make it more simple, let's start the tutorial….hands on will make us understand better isn't it? ? LoL
Requirement :
1. facebook offline files (you can view our previous tutorial number 2 in link above)
Do you know that we have the new update for fake facebook hacking tutorial? view the tutorial here
Step by Step Tutorial Hacking Facebook using Phishing Method :
Before you start, we wrote this is just for education purpose and we're not responsible if someday you use this for negative purpose and FBI or Interpol looking for you as a criminal and jail will be ready for you. !!Please remember this!!
1. In this tutorial about Hacking facebook using phishing method we will use not-allowed.com as free web hosting service, but you can choose the other most suitable with you.
Update!! : we got a comment from hosting representatives that you can't use this hosting for phishing purpose in case you use it for phishing, they will suspend and terminated your account.so we remove the link, and you can just find the suitable another free hosting. ?
Click 'Buat Akun' on the top right side page, You can register your account there.
2. The next step you can fill the required data there.
3. After step 3 they will send you an activation link to your e-mail and your account will be activated. If your account already activated you can click on 'Beralih' button to go to your hosting control panel.
4. Inside your hosting control panel, on 'File' section click 'File Manajer 1'(file management) to upload the file.
5. Inside your file management, click on 'public_html' to go into your web root folder.
6. Inside public_html folder, you can upload all the data here so it can be accessed worldwide. In this page you can choose which upload method you want to use, there's 'Upload', 'Java Upload', 'Flash Upload' you can choose which one most suitable for you. Don't forget to ZIP all of the content before uploading so it can be extracted later.
7. The next step is extracting the data we already upload on last step. Tick the ZIP file and click UNZIP to extract the data.
8. Here's the data after all the data extracted.
9. Yep everything has been set up correctly until this step. The next step we need to configure the database. Go to this link http://cpanel.not-allowed.com/index and click on 'Tool Penting' section and click 'Database MySQL'
10. The next step you need to fill in your database information in this page such as database name, database username, and so on…
When you finished, click 'Buat' button to create the user and database.
11. Now you will have a new database and new user, you need to go to your 'phpmyadmin' window by clicking the link to upload the database. Don't forget the 'Host MySQL' address, my address was mysql.not-allowed.com.
12. After everything finished, now in phpMyAdmin window, click on 'import' tab. Don't forget to download the database file below
and then click browse and upload the database you've just download before, and click 'Go' when finished.
13. When you finished everything, now time to modify login.php file and view.php file. Open that file using your favourite text editor(such as:notepad, dreamweaver, gedit, etc).
Don't forget to change the 'localhost' to address that described on step 11 (your configuration with our configuration maybe different ? )
When you finished edited that two file, you should upload that file and replace existed file (repeat step 6).
14. Well done! now you can check the address. Here's our screenshot when access the page.
How To Do Phishing In Facebook Chrome
15. When user input their e-mail and password, the fake facebook website will forward it to the wrong password page like this.
16. To view harvested e-mail and password, you can check on http://your-website.com/view.php.
Countermeasures :
How To Do Phishing In Facebook Permanently
1. Look carefully the address when you open a website that ask for your credentials. It's better you type it by yourself ?
2. Change your password (and all the same password:e-mail, twitter, etc) ASAP when you know this attack happen Style works 2000.
3. Maybe you can try one of this securing internet activity method ? http://www.hacking-tutorial.com/tips-and-trick/5-steps-to-make-your-browsing-the-internet-activity-more-secure/
4. Install URL advisor(usually this you can get from antivirus for free) but not too effective.
Hope you found it useful ?
Share this article if you found it was useful:
Hacking Tutorial, Tips and Trick
See all posts by Hacking-Tutorial.com || Visit Website : https://www.hacking-tutorial.com
In this tutorial, we’re going to take a close look at how to setup a phishing page to harvest usernames and passwords that can be used to hack other users’ Facebook accounts. However, and I can’t stress this enough, this knowledge should never be used to attack others in the real world. It simply isn’t legal, and it isn’t moral, either. If you’ve ever had your username or password stolen, you know how bad it feels when others have violated your privacy.
Facebook Phishing Page Download
If you’re reading this with the hopes of learning how to gain access to countless users’ Facebook credentials, I should instead refer you to philosophical ideas on morality. Keeping that in mind, there is a lot of value, especially for aspiring hackers, in understanding how phishing works. Not only will it help you avoid mistakes that threaten your security and privacy, but it will also help you spot fishy phishing sites.
What is Phishing?
Phishing is the process of setting up a fake website or webpage that basically imitates another website. Attackers frequently employ this method to steal usernames and passwords. Most frequently, the process works as follows:
A user clicks on a bad link to a phishing site. Believing they are viewing the intended web page, they enter their login credentials to access the web service. There’s just one problem. The user, who is really the attacker’s victim, actually entered their private information into a hacker’s website. And now the hacker has their login credentials! In Facebook, this may not be as consequential as another website, like online banking.
However, the hacker can now wreak ungodly amounts of havoc on a person’s social life. If it happens to be a business’s Facebook profile, they can damage their business. Today, however, we are going to setup an imitation Facebook login page to show you just how easy it is to start phishing. Let’s take a closer look at the steps required.
Pull up Facebook.com in your browser. Then, right click on the website’s login page. You should see an option along the lines of “view source page.” Click on this option and you should be able to view the code behind this page.
Go ahead and dump all of the page’s source code into Notepad (or your operating system’s best simple text editor).
If using Notepad, hit ctrl f (which is the find hotkey) and search for action.
You should see a line that looks like this: action=”https://www.facebook.com/login.php?login_attempt=1″
Delete everything contained in the quotations, and instead fill the quotes with post.php. Now it should read action=”post.php”
Save this file somewhere on your computer with the file name of index.htm. Omit the final period from the filename. This is going to become your phishing page.
Next, create a new notepad document with the name of post.php. Omit the final period from the filename. Copy and paste the following code into this document, and remember to save it:
At this point, you should now have two files saved: index.htm and post.php.
Next, this code actually needs to be uploaded to a web hosting service. There are free hosting providers, but I wouldn’t recommend you actually post this code. Instead, it would be better to try this at home on your own webserver. However, for the rest of the tutorial, we’ll be using Bluehost.
After you have signed up for an account, browse to the control panel, and then to file manager.
Once the window opens, go to publick_html.
Delete default.php, and then upload index.htm and post.php.
Next, click on a preview of index.htm. As you’ll notice, it should look nearly identical to the Facebook login page.
The URL of this page is what needs to be linked to in an attack. Sometimes attackers imbed this false link on other websites, forums, popup ads, and even emails.
Now go back to the file manager and public_html. There should be a file labeled username.txt.
Open this file and you should be able to see login credentials that have been entered by a test user.
How To Do Phishing In Facebook Email
Final Thoughts
It really is a simple matter of copying the code from the Facebook login screen, adding some php code, and then setting up a dummy website. Again, don’t try this in the real world, because the consequences could be terrible. However, in a home environment on your own web server, this tutorial provides great insight into how attackers phish for usernames and passwords.