How to phish

grayboy Acolyte
edited July 2010 in Tech & Games
How to-make a phishing page by Grayboy 

What is a phishing page?
A phishing page is a fake login page, for example a fake facebook login. Instead of logging you into facebook, it keeps the password!

Preparation work

A journey of a thousand miles starts with a first step, here is yours. This needs to be organised, so create a folder on your pc called “phishing”. Then right click inside it and go to new, then new notepad document. Make two of these. Then go onto tools>folder options>view. Scroll right down and make sure the box that says “hide extensions for known file types” is not ticked.
Now you are ready to begin.

Step one-choose your target.

To phish, you need a website to phish. The only rule is it has to have a login. Social networking sites are the most common, full to the brim with retarded teenagers as well so it is target rich, and half of them have the same password on there as there hotmail. Your choice however, for the sakes of this run through lets do facebook.

Step two-make the index page.

This is like the home page of the phishing site, which the target will see. We need to make it exactly like facebook, tricky right? Nope, just copy their code! To do this go onto, right click in the white spaces and go to “view page source”. When it opens up press “CTRL+A”, then “CTRL+C” to copy the code to your clipboard.

Ok now open up one of your notepad documents. Copy it all in. Press “CTRL+F” and type action into the bar that comes up. Next to “action” is a website address in some parenthesis. Take out the address but not the parenthesis, and replace it with “post.php”. Now save this as “index.htm”, thus making it into a webpage that bears a striking resemblance to facebook.

Step three-make the php file.
This is the form that handles the fake login. It will send the reader to facebook after they have logged in like they have typed the wrong password. Plus it will create a text file with the password in it which will be called username.txt

Copy this code into the second notepad document;
header ('Location:');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
fwrite($handle, "\r\n");

Remember, where it says facebook, it can be changed to any site.

Save this as “post.php”.

Step 4-hitting the World Wide Web!

Whilst this is all well and good, it won’t do anything sat on your computer! It needs to be uploaded.
Remember phishing is illegal, and even though it is very laxly enforced, it still makes sense not to have your ip (internet protocol) address linked to it as it can be tracked back to you. So go on and choose one of the many proxies linked.
Test it, see if it is fast. If it is use it go to
Also open a temporary email account on , use this to provide an email address.
Get your username as close to facebook as possible, and give a fake name and address.
Then go to filemanager, delete the index.htm that is already there. Now upload your own index.htm and post.php.
Ok now time to test it ,type in a random username and password, let the form go through. Then go back to your file manager and a new file called usernames.txt should be there. Click it and, as if by magic the username and password you provided will be there!

Step 5-Getting it out there!

Okay now for this you are going to need a fake email. Again use proxies and fake names to create it. The fake name should be “facebook” so that’s what the targets see when your email comes through. Something like [email protected] should be ok.

You need people to send it to. If you know any particular people you want to phish do them, but I am assuming you like everyone you know pretty much and need randomers. If that is the case google is our friend!

Go on google and type in site:[url]””[/url] . Or you can type in filetype:ctt "@msn&quot; on google. Both of these will give you lots of targets. Copy these using this -

Now you need to get the actual content sorted. I recommend using a real email from the site and personalising it. For example;

Rosanna (Any girls name will do xd) tagged 5 photos of you in the album "AWESOME tymes xx".

To see the photos, follow the link below:
Your link here with a load of random stuff afterwards to bulk it out. For example I would use ,except yours will sound a lot more realistic xd
The Facebook Team

Find people from your Windows Live Hotmail address book on Facebook! Go to:

Do you want to control which emails you receive from Facebook? Go to:
Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.
So send all these emails out and hope for the best, remember it is a luck thing xd, a law of averages dictates you will get like 30% maybe, so send loads out 

Step 6-Using the passwords

Again use a proxy to access them. Now you might be bored and just want to deface some facebooks or whatever, and that’s fine. However I would trying the password with there hotmail/email address seriously recommend  .If you get into a hotmail use a proxy, do all the password reminders you can, and remember to double delete (delete from delete folder as well) any reminders or resets you use . Also any email you read you should mark as unread afterwards , just to be on the safe side 

Okay, thanks for reading, and remember this is all educational innit? ;)
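
Seen from the defending side, the page built in step two has a recognisable shape: a title naming the brand and a password form whose `action` resolves to the hosting site instead of the brand's own domain. The check below is an added example, not part of the original post; the function names, the `freehost.example` host and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScan(HTMLParser):
    """Collect the <title> text and the action of every form holding a password input."""
    def __init__(self):
        super().__init__()
        self.title, self.in_title = "", False
        self.action = None          # action of the form currently open, if any
        self.password_forms = []    # actions of forms that contain a password field
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self.in_title = True
        elif tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.action is not None:
            self.password_forms.append(self.action)
    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
        elif tag == "form":
            self.action = None
    def handle_data(self, data):
        self.title += data if self.in_title else ""

def host_in(host, domains):
    """True only for the exact domain or a real subdomain, so 'facebook.com.x.example' fails."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_page(page_url, html, brand, brand_domains):
    """Return findings for a page that claims `brand` but is served or posts elsewhere."""
    scan = FormScan()
    scan.feed(html)
    if brand.lower() not in scan.title.lower() or not scan.password_forms:
        return []
    findings = []
    page_host = urlparse(page_url).hostname
    if not host_in(page_host, brand_domains):
        findings.append(f"{brand} login page served from {page_host}")
    for action in dict.fromkeys(scan.password_forms):   # de-duplicate, keep order
        target = urljoin(page_url, action)   # a relative action resolves to the hosting site
        if not host_in(urlparse(target).hostname, brand_domains):
            findings.append(f"password form posts to {target}")
    return findings

# Constructed sample: a minimal stand-in for a copied login page, not real markup.
CLONE_HTML = ('<html><head><title>Facebook - Log In</title></head><body><form method="post" '
              'action="post.php"><input name="email"><input type="password" name="pass"></form></body></html>')
```

The same check run over URLs from reported mail or proxy logs gives an abuse or SOC team a quick triage signal before a human looks at the page.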


  • megaman Acolyte
    edited July 2010
    i know some kid who I've never talked to who posted a website on and said hey don't you know this kid and the site was like and it led to a site that barely resembled facebook though it wouldn't be a bad idea to make the site actually lead to your facebook after you log in.
  • edited July 2010
    Interesting guide, thanks for the information. I have a phishing guide somewhere on my HDD. It's not mine though, think it belongs to Slim.
  • Numberjumbo Regular
    edited July 2010
    trx100 wrote: »
    Interesting guide, thanks for the information. I have a phishing guide somewhere on my HDD. It's not mine though, think it belongs to Slim.
    I made a phishing guide that was on tM ages ago.
  • edited July 2010
    Ah, sorry. I got a little confused there. Why don't you post it?

    The guide I used is by Mr.Stoned I think, it's stickied in the Computer's section.
  • Numberjumbo Regular
    edited July 2010
    I don't think I have it anymore. Might be somewhere on here but I think I just wrote it to post it then discarded it.
  • grayboy Acolyte
    edited July 2010
    I don't think I have it anymore. Might be somewhere on here but I think I just wrote it to post it then discarded it.

    Yeah, wasn't it in the official FAQ bro? I remember it, it was good shit, I found it overcomplicated in places but yea, it got the job done you know :) Cool shit bro.