In this Facebook phishing attack, we’ll create a fake Facebook login page and host it on our local server. To do this, we’ll need XAMPP, the software that will host our Facebook phishing page.

Keep in mind that to perform this type of phishing attack you need to be connected to the same network as the victim.

Let’s Get Started

1. Downloading XAMPP Server


First we’ll need to download XAMPP server on our computer. Download it from here. I won’t go through the installation process in this tutorial.

NOTE: Install the XAMPP server in the default directory.

After you’re done installing, run the software. Start the MySQL and Apache servers by clicking the “Start” button next to each.

2. Creating a Facebook Phishing Page

a. Browse to Facebook’s login page and right click anywhere on the site and save it as index.html in a folder on your computer.


b. Now open the index.html file with a text editor (Notepad, WordPad, etc.) and search for action="https://. Change the URL to mail.php and save the file.

Make sure you change the "action" attribute of the login form!

c. Download the code from here and save it as mail.php in the same folder.

We now have our Facebook phishing page ready!

What Next

Now, find the local IP address of the system on which you’re hosting the Facebook phishing page. You can find it by opening the command prompt and typing the “ipconfig” command.


Now that we know the local IP address of our server (system), we can simply give the link to the victim.

Once the victim logs in on the phishing page, the login credentials are stored in the log.txt file! You can check the victim’s login details by simply visiting the htdocs folder in XAMPP’s directory and checking the log.txt file.
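
Seen from the defender's side, the page built above leaves three checkable traits: it is served over plain HTTP, from a private IP address, and its password form posts to mail.php on that same host instead of to facebook.com. The following is an added example, not code from the original tutorial, that audits a fetched login page for those traits; the function names, the sample URL and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import ipaddress

OFFICIAL = "facebook.com"  # assumption: the brand the page claims to be

# Constructed sample: a saved login page whose form now posts to mail.php.
SAMPLE_URL = "http://192.168.1.20/index.html"  # constructed private address
SAMPLE_HTML = ('<form action="mail.php" method="post"><input name="email">'
               '<input type="password" name="pass"></form>')

class PasswordFormScanner(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.action = None   # action of the form currently open, if any
        self.actions = []    # actions of forms that take a password

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action, self.has_password = a.get("action") or "", False
        elif tag == "input" and self.action is not None:
            if (a.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.action is not None:
            if self.has_password:
                self.actions.append(self.action)
            self.action = None

def is_official(host):
    host = (host or "").lower()
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def audit_login_page(page_url, html):
    """Return findings for a page that presents itself as a Facebook login."""
    findings, page = [], urlparse(page_url)
    if page.scheme != "https":
        findings.append("page served without TLS")
    try:
        if ipaddress.ip_address(page.hostname).is_private:
            findings.append("page hosted on a private IP address")
    except ValueError:
        pass  # hostname is a DNS name, not an IP literal
    scanner = PasswordFormScanner()
    scanner.feed(html)
    for action in scanner.actions:
        target = urlparse(urljoin(page_url, action))  # resolve relative actions
        if not is_official(target.hostname):
            findings.append(f"password form posts to {target.geturl()}")
    return findings
```
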