Header Ads Widget

Ticker

6/recent/ticker-posts

creating the phishing site sample

 



Phishing



Phishing is a type of social engineering attack where an attacker attempts to obtain sensitive information like usernames, passwords or credit card details by pretending to be a trustworthy party to obtain that information. For example an attacker may try to obtain your credentials to your gmail account by sending an email that looks to be from google stating that your credentials need to be verified, and he may include a link to a fake website which looks exactly like gmail login page at the first glance. when you try to login to the site using  your credentials attacker will get your credentials and may even display a message stating that you have successfully verified your login details and redirect you to the original gmail login so you can login to gmail.



Lets create a phishing site 

Lets try to get somebody's credentials to their google account, to do that we need the victim to enter his or her login details at a website which he or she think is real google account login. You can get the login pages just by visiting the page and downloading the page as a complete web page. to do this right click on the web page and select save as option and in the next window give a name for your file and select the type as "webpage,Complete".




As you can see google has placed the password field in a separate page, In-order to download that page provide a valid email address at the first page to continue to the next and download the page in the same way you downloaded the first page. Place the files of both pages in a folder. you should have 2 HTML files and 2 folders with you 


Lets start editing the file with the email address field. Find the  line with the form tag <form> and change the value of the action attribute to the name of the second page, Just change the extension to php when you provide the file name because we will be converting the second file to php.



Here "accounts.gmail.php" is my second file. After changing the action  save the file one as index.php.
We are done with the first file, Now we need to edit the second file. After opening the second file add a session variable and assign the email address we got from the previous page, I used a session variable here because we are going to need the email address in another page.



Next thing we have to do is change the email address displayed to the user,currently it shows the email which you used to download the page.

Find the line where your email address is available and replace the email with the email you got from the previous page. You can even use the session variable we created earlier. 

Then find the form tag in the page and change the action of the form to "redirect.php",you can give any name with extension php, just make sure to name the next page we write with the same name you provide here.


We are done with the second page too,So save the file with the extension .php

Now we need to new page where we can write the username and password we obtained into a text file and redirect our victim to another site.


Lets open up a new text page and save it as redirect.php. then create 2 variables and assign them the username and password, then using php fopen() and fwrite() methods we can write them to a file called logins.txt. Then redirect the victim to another site, in my case to the google drive where you will be able to download a computer game.




We have finished the phishing site, Now you just have host the site and deliver the URL of the phishing site to your victim in  an unsuspecting way. Here we can use a URL shortening service to shorten the URL and send the new URL to the victim saying that they can download games directly from google drive without worrying about the slow download speeds of torrents.
And pray that he or she wouldn't remember that they don't need to login into google drive to download publicly shared items.


How to protect from Phishing attacks?

Always make sure to look at the URL in the address bar and make sure you are in the legit site before entering your credentials.Just because the site has https enabled doesn't mean it is the real site, take a look at the domain to make sure you are in the right place.And popular browsers provide the security for their users to avoid phishing attempts, they detect when a user try to access a known malicious site and warn them about the site, to activate the warnings in chrome go to
 Settings -->advance settings and tick the  protect you and your device from dangerous sites option

Post a Comment

0 Comments