Share it


Wednesday, 17 June 2015


No comments :


Phishing is the most popular and widely used method for hacking email accounts. Phishing is not as easy as it’s name. Creating a phishing page is an easy task and any one can download it from various hacking forums for free. The main step of phishing comes after creation of fake login page.

If You Don’t Know About Phishing Read This Before We Continue

STEP 1:Creating Phishing.php file :
1. Even if you don’t have any knowledge of php file simply copy the following script and save it as phishing.php .

<?php $handle = fopen(“password.txt”, “a”);
exit; ?> 

STEP 2: Creating index.html page :
 2.1 Open the Facebook login page then, Right click>View page source and paste it in notepad and save it as 
 index.html .
 2.2 Open that index.html file with a Notepad and search (By pressing Ctrl+F) for : action in it and replace the highlighted part (as in the following screenshot) with phishing.php .

STEP 3: Now create a completely blank text file with namepassword.txt.

 Now you have all the following three files with you :
1. phishing.php
2. index.html
3. password.txt
  If you don’t have your own web hosting account, goto any free web-hosting site ,and in file manager, upload all the three files.

Your affected folio is now ready! With the Domain Name you registered on the Web-hosting armpit ask anyone to login and again analysis yourpassword.txt book .You will acquisition the Username and Countersign of that being stored in it.Also the being gets redirected to the aboriginal Facebook login folio and he/she thinks that there charge be some botheration or he/she may accept entered amiss Username or Password.
Though this adjustment of hacking looks absolutely continued yet, already you accept created the affected folio again you don’t charge to accept anyone login on your computer .Just accelerate that URL to anyone adage ‘Hey! Join my folio on Facebook!’ or whatever and afterwards he logins you will accept his/her password.
But the botheration Facebook phishing has is, alike if you get someone’s Facebook countersign and change it, the being is notified by an email and he/she will get to apperceive that addition is aggravating to admission his/her countersign and will absolutely change it :( . So, its bigger to anon drudge their primary annual to accretion complete admission to the victims annual ;)

Read more:
Hacking internet and computer tips and tricks

How to send this fake page to the victim?

Here comes the Tab Napping which can make your second step easy than before. No need to send fake page via email to victim.

Tab Napping use the modern browser’s multi tabbed environment. Now a days all people use multiple tabs for accessing Gmail, facebook, orkut and other websites simultaneously. The trick is to confuse user in his/her multiple tabs and redirect any of idle tab of his browser to your phishing silently. Tab Napping works on the user’s assumption that a tabbed web page stays the same when other Internet services are being accessed.

How does tab napping work?

It is done by checking whether your page is idle or not, if it is idle or not used for some particular time period
then it gets redirected:
Things to be done:
1.check for mouse movement
2.check for scroll bar movement
3.check for keystrokes

If any of the aloft accident is not triggered till few abnormal , this agency user is not application that tab, either is off from arrangement or application added tab, so if these altitude are met, again we alter it to our phished page, which user thinks it to be 18-carat page.
The abstraction abaft this is actual simple and is done by javascript. Tab comatose is all about the affiliation of 2 pages. accept Folio A and Folio B. Victim was examination folio A in a tab of a browser and again larboard this abandoned and and now application some added website in addition tab of browser. If the user will not acknowledgment to folio A for some per-specified time, folio A will automatically alter to Folio B. This Folio B is your phishing page. This redirection and blockage for user accomplishments is done by JavaScript.
Make a web page and use the tab napping script in that page say it page A. This script will not affect the layout or content of the page. This script will check for user actions. If the page is idle for some time, this script will redirect this page to a pre-specified page which may be your phishing page. You have to specify this page in the script. Be sure to change this in script.
check script for this line…
timerRedirect = setInterval(“location.href=’'&#8221;,10000);
this line will redirect to Gmail after 10 sec. Change this location to the address of your phishing page. This line is used 2 times in the script so change is both lines.
so, page A with tab napping script will redirect to phishing page B.
Now send the link of the page A to your victim. This is a normal page. If the page is idle for some time it will be changed to page B otherwise no effect.
i hope you enjoy......

No comments :

Post a Comment