Facebook Phishing Attack | Complete Tutorial



In this Facebook Phishing Attack, we’ll create a fake Facebook Login page which we’ll host it on a web server and then manipulate our victims to visit the Facebook phishing page.

Unlike other phishing attack, in this attack the attacker doesn’t need to have access to victim’s computer nor be connected to the same network as the victim. The attacker can hack into victim anywhere in the world.


To perform this attack, we’ll need a web server to host our site. Now, some of us might already have our own domain to host the phishing page but most of us don’t. Getting a domain and a hosting service it just for the sake of hacking might be costly. But don’t worry, i’m gonna teach you how to host your phishing page and get a domain for FREE !

NOTE: Hosting a phishing page on your domain will hamper your site's reputation.

Let’s Get Started


1. Creating a Facebook Phishing Page

a. Browse to Facebook’s login page and right click anywhere on the site and save it as index.html in a folder on your computer.


b. Now open the index.html file with a text editor (notepad, wordpad, etc) and search for action=”https://. Change the url to mail.php  and save the file.

Make sure you change the "action" attribute of the login form !

chaning action attribute

c. Download the code from here and save it as mail.php on the same folder.

We now have our Facebook Phishing page ready !

2. Getting Free Domain and Hosting Service

There are many websites that provide free hosting service but most of them aren’t suitable for hosting a phishing page. The one that I recommend is 000webhost. Visit 000webhost.com and create a new account.

webhost signup

3. Hosting The Facebook Phishing Page

Once you’ve created an account on 000webhost sign in here. Click on create a new account and fill in the necessary details. Then click on Go to Cpanel.

Once you are inside Cpanel, open File Manager 3.

File Manager

After that,  click on public_html folder.

public file

Inside public_html folder upload all the contents of the phishing page we created.

Uploading Phishing content

Congratulations! Now you’ve successfully created a facebook phishing page and hosted it.

What Next


Now you can send the link of you recently created facebook phishing page and wait for someone to get phished!

However, sending direct links to victim might seem suspicious.
You can instead Create A Phishing Email and manipulate the victim to visit your phishing site. Or, you can use url shortener sites like bit.ly to shorten your url and send it to the victims.

If you have any doubts regarding this tutorial, leave a comment below.