There are couple of other phishing tutorials around here, but some people seem to
have problems understanding them. So I’ll try to be as simple as possible, and if you
have problems understanding it, then you need to get some beginner level computer
-This article was written for educational purpose only. I’m not responsible for any
illegal activity that you may commit.
2. What is a phisher?
Phisher is something that looks like a login page(a fake login page), that writes the
username and the password to a file, or does whatever you want.
3. How to make one?
All you need is a web hosting service with PHP enabled.
We will use t35. Go to spam.com and sign up for a free account. In this tutorial we
will make a phishing site for Myspace(the procedure is equivalent for most of the
sites). While not signed in myspace, open anyone’s profile and click on his picture.
That will lead you to Myspace’s login page that has the red box with”You Must Be
Logged-In to do That!” just above your login form.
Now, click File>Save Page As, and
save the myspace page to your Desktop. Open your saved page with any text
editor(notepad, wordpad etc.). Select all of the text(the source code), and copy it.
Get back to your t35 account and click on ‘New File’ and paste the Myspace’s source
code there. Name the file ‘index.php'(without the ”), and save it.
Now you have made a page equal to Myspace. Everything on that page will have the
same function as if it were on the original site. The link to your phish site will be
‘www.xxx.t35.com/index.php’ – where ‘xxx’ is the name of your account.
But there is a little problem. When someone enters his username and password and
press login, it logs him into the real myspace.
What do we need to change?
What we need to change is the action of the ‘login’ button, so instead of logging
them into the real site, it writes the username and password to a text file.
Open your ‘index.php’ file. Search in the code for keywords ‘action=’.
There will be several ‘action=some link’ in the myspace’s source code(for the sign in
button, search button, etc.). We need to find the ‘action=some link’ that refers to
the Login button.
After some searching, we find the: