Many people ask me that they want to hack Gmail, Facebook or yahoo id’s of their friends. Today I am sharing with you the concept of Phishing. This is similar to Fishing, where the fisherman puts a bait at the hook, thus, pretending to be a genuine food for fish. But the hook inside it takes the complete fish out of the lake.
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by letting victim login on a fake page. In Phishing We Create a fake page of the social networking site on which victim has their profile. By gaining trust of Victim We force him to login to our fake page, When Victim login through fake page he will be redirected to a script which saves the information like username and passwords and then let the user login into their original profile.
I am demonstrating the Phishing attack on Gmail id’s. There are basically three steps Which We have to follow.
- Just create an account on any free hosting service like t35.com,co.cc, or heliohost.org so that you can upload your files on a server and let victim login through it.
- Go to http://www.gmail.com and save the page on your desktop by going to File Menu. Now open this HTML Page with notepad and find action.Change action to action =”script.php”. script.php is the file on which we want to redirect Victim it contains the programming logic to steal information. Save This Gmail HTML Page as index.html
- You can Download the script.php file from here. Just copy the content of this file to a notepad and save it as script.php and don’t forget to choose all documents in Save as Type Textbox.
- Now create a blank Text Document and save it as “Passwords.txt”.Now upload index.html, script.php and Passwords.txt to your Web server like example.t35.com.Now give path of http://example.t35.com/index.html to victim and when he try to login his username, password will be saved in Passwords.txt file and you can read username and password from there.
Note : This tutorial is for Educational and Awareness Purpose only.Please do not use Scripts provided in this tutorial to harm anyone’s resources or steal any confidential information.