Before creating a Phishing Page, you should first know what is phishing attack. Phishing is a way of attempting to acquire information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging.
Here is a step by step guide that will show you how you can make your own Facebook Phishing (Fake) page easily.
For Mobile: Visit Facebook Phising by Mobile
How to Create a Phishing Page
Create a HTML Page looks similar to Facebook Homepage
- Go to the Facebook page and then right click on the page, you will see the option view page source, click on that.
- Now a new tab will open which contain a source code. Copy and paste the complete code in notepad.
- Now in that notepad and press CTRL+F and type action="https:
- You will have to find a text which looks like this "action="https://www.facebook.com/login.php?login_attempt=1"" Now delete that part of code and change it to action="login.php" and save it as index.html.
Create a PHP File
- Open a new notepad copy the below code and paste it with name login.php.
- Create an empty.txt (notepad) file with name passwords.txt
- Now you have three Files :
- Now here comes the method to get password and email address of the victim.
- Now upload these files in any free server like 000webhosting, 1freehosting etc. And now give the url of that page to your victim. And when your victim try to login in to it with the username and password, the page redirects to Facebook and you will see his email and password which was saved in passwords.txt file.
Check - Top Free Hosting Providers
- Or try yourself by installing any server like xampp or wampp server in your PC and run the index.html file via localhost to check it. I have tested the files which works 100%. Look at the below image to check it.
Note: "Phishing" is identity theft. Attempted identity theft is still a crime. This tutorial is for educational purpose. Do at your own risk !