In a Facebook phishing attack, we’ll create a fake Facebook login page and host it either on a web server or our local server and then manipulate our victims to visit the Facebook phishing page.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
In layman’s terms, phishing is an example of a social engineering attack in which an attacker attempts to steal valuable information by pretending to be a trustworthy party.
Creating a phishing page is pretty much the same for any website, be it Twitter, Gmail, Instagram, etc. But in this tutorial we’ll specifically be learning how to create a phishing page for Facebook.
HOW TO CREATE A PHISHING PAGE FOR FACEBOOK
1. Browse to Facebook’s login page and right click anywhere on the site and save it as “index.html” in a folder on your computer. You can give it any name, but for convenience we’ll use index.html.
2. Now open the index.html file with a text editor (notepad, wordpad, etc) and search for action=”https://. Change the url to mail.php and save the file.
Make sure you change the "action" attribute of the login form!
So what are we doing here? Well, there’s a form in the Facebook login page where users can input their username and password.
The “action” attribute of the form specifies where the inputs submitted on the form are sent. By changing the action attribute to “mail.php” we’re redirecting the submitted input to our page “mail.php”. And that’s how we capture the login details.
But what is mail.php again? Mail.php is a web page which is designed in such a way that whenever it receives data (Facebook username and password) it saves it in a text file and redirects the user to the authentic Facebook website.
3. Download the code from here and save it as mail.php in the same folder.
We now have our Facebook Phishing page ready!
Now that you have created a phishing page, you can either host it on a web server or your local host and manipulate your victims to log in through your phishing page.