Phishing Page Maker Tool
Defend the Human Attack Surface Don't just manage incidents, secure your riskiest employees with tailored security controls Schedule a demo Defend the Human Attack Surface Don't just manage incidents, secure your riskiest employees with tailored security controls Schedule a demo Defend. Simulate real-world phishing attacks and run one or multiple campaigns for security awareness with the help of this specialized and user-friendly tool What's new in King Phisher 1.14.0: Added the.
Create Website Clones using Kali Linux.
- Step12; After uploading the phishing files successfully, you will see the index.htm and hack.php files in the file manager under the publichtml directory. Step13; Now you will see index.htm and post.php in the public HTML folder. Simply right-click on index.htm file and click on view.
- Gmail Phishing Page Free Download. This tutorial Gmail Phishing is for educational purposes only. If misused, you will be shut down by the government. Be careful and be safe. It just has to understand the reality behind phishing. If you already read my article on phishing.
Today's Post Is Really Very Interesting Because In This Post, I am going to show you how you can Create a login page clone by using KALI LINUX .
So, let's Start Today's Tutorial With Some Basic Queries.
Q 1. What Is Website Cloning?
Ans. Website Cloning Is a Process In Which A User Or Program Create Duplicate Copy Of Any Specified Webpage That's Completely Looks And Behave Similarly like Original Page. In This Process, A User Can Use Any Cloning Programme Or Can Also Do Manually. Basically, In This Concept We Copy Html Codes From Original Site And Do Some Editing In Source Codes To Full Fill Our Requirements.
Q 2. Why Hacker's Use Website Cloning Concept?
Ans. Well, With The Help Of This Concept A Hacker Can Create Duplicate Copy of Original Site To Interact With Victim In Place Of Original Site That Can Cause Victim Data leak Or fraud. This Duplicate Webpage Trap is also called Phishing Page. Website Cloning Also Helps Hacker's To Find Vulnerability In Website Source Code. In Short, Website Cloning allow user to Collecting Different Types Of Source Code Information Without Visiting Real Website Again and Again Because All Websites logs client IP address that can cause big problem for hackers.
Phishing Page Generator
Now, Let me show you practical example of website cloning.For Website Cloning Basically We Needs 3 Things
1. Kali Linux (Because Kali linux Come With Pre-installed Website Cloning Tool)
2. Internet Connection (Very Important!! )
3. Victim Website Url (Original Source Code)
How We Will Do it?
Here, For Practise Purpose We will try to create a Clone Page That's Will Look And Behave Like Login Page For Collecting Victim Confidential Data Using Kali Linux Social Engineering Toolkit.
Basically, We Will Redirect Victim Browser To Our Set-up Duplicate Server. This Duplicate Server Will Host Our Specified Cloned Webpage That Interact And Behave Like Original And One Of The Best Feature Of This Page is, This Page Will Save Victim Login Data In Our Local Drive Instead Of Posting data To Original Server.
NOTE : THIS TUTORIAL IS ONLY FOR EDUCATIONAL AND SECURITY PURPOSE ONLY.IF YOU MISUSE OR MISTREAT THE ABOVE INFORMATION,THEN IT CAN BRING UNLAWFUL CHARGES BY THE PERSON ON WHOM YOU SET THIS TRAP.THE AUTHOR WILL NOT BE RESPONSIBLE IN THE EVENT ANY UNLAWFUL CHARGES ARE BROUGHT TO YOU BY ANY INDIVIDUALS BY MISUSING THE ABOVE
INFORMATION.WE WON'T TAKE RESPONSIBILITY FOR ANY OF YOUR ACTION RELATED TO ABOVE INFORMATION.Now lets start.
Open terminal using Ctrl+Alt+t or click on the small black window image on the top left of your screen. Once terminal Open, type Below code carefully.
This Command Will Show You Your IP Address. Note Your IP Address.
Now in Next step, open social engineering toolkit.
To Open Social Engineering Toolkit type below command in terminal.
You will see something in terminal of your system as shown below in the Image
Now, As shown in the image below type 'y' if you also faced this message
Now, You will see main menu of Social Engineering Toolkit
As shown above in image, Press '1' and hit enter as we are going to do Social-Engineering Attacks.
Once again,you will get a menu similarly like as shown above in the image. There You Need To press '2' and hit enter Because We are going to Use Website Attack Vectors,
Now, Again In Third Menu ... We Will Select 'credential Of Victim' Because Basically In this method,we are going to steal the credential of the victim so press ' 3' and hit enter as it will select credential harvester attack method.
Then, You will See new menu as shown below in the image.
Since,we want to capture user name and password which is credential of victim,
so we need to trap the victim in a Duplicate page Of original website page(like phishing page) and for that we need to clone a webpage.
To do Site Cloning,
press '2' and hit enter which will open something like shown below.
In above image,you might have noticed a green colour rectangle box made by me, In this
box you will find a message saying 'tabnabbing:Your IP Address' where you need to enter your ip address. (For IP address type 'ifconfig' Or check starting of this tutorial.)
Please note that if you don't put your computer IP address Correctly. This method won't work.
So, After entering your Correct IP address, hit enter.
Now It will ask you to enter the url of webpage that you want to clone as shown
below.
Here, i had entered 'http://www.facebook.com' as i want to steal someone Facebook account Data.
It will give a message that its working on cloning the site and will take a little bit time.
After the process is completed.
The next step is the most important step.
Now, We will Create A Server That Will Handle Our All Hosting Problems Automatically
and Also make our IP address online available.
In Short This Server Will Handle Client Browser who visit Our IP address, will see our cloned page which will look like Original Website. In this step, To Increase Your Success Probability I Will Suggest you to shortened your IP address by using services like ADF.LY, Binbox, Goo.gl,etc. Once you enter your ip address on these sites to shorten, they will provide you a short link, then all you need to do is just send this shortened link to your victim.
When the victim visit the url which you have sent them,the will see a same page of which
Phishing Page Maker Tool Download
url you had entered to clone the website.
The victim will think that it is a original page
and when the victim enters any of their information,you will see that information in the
/var/www/harvester path as screen shot given below.
After Opening This Txt File you Will See Username and Password in format as given below
In this example, I used facebook.com. But You Can Use Any Other as Your Requirements.
Cloning/Phishing Tutorial Complete!
Please NOTE :- Victim can identify that the page is a trap as the address bar of browser will be having your IP address.For best results,send the shortened url to victim mobile and ask them to visit urgently,or you can say visit this link and login to get latest updates of their favourite contents,etc.
Written By
Phishers are fake pages which are intentionally made by hackers to steal the critical information like identity details, usernames, passwords, IP address and other such stuff. As i mentioned intentional, which clearly means its illegal and its a cyber crime. Phishing is basically a social engineering technique to hack username and passwords by deceiving the legitimate users. Phishers are sent normally using spam or forged mails.
Note: This article is for educational purposes only, any misuse is not covered by Hacking loops or CME.
What is Phishing?
Phishing is basically derived from the word called Fishing which is done by making a trap to catch the fishes. Similarly in case of hacking, hackers make Phish pages (traps) to deceive the normal or unaware user to hack his account details. Phishing technique is advancing day by day, its really tough to believe that on what extent this technique is reached but this is always remains far away from normal internet users and most of hackers.
Most of hackers and computer geeks still believe that Phishing attempt can be easily detected by seeing the URL in address bar. Below are some myths that hacking industry still have about Phishing. I will mention only few because then article will become sensitive and major security agencies will flag my website for posting sensitive data. So i will only explain the facts, if you need the same you need to fill the form and give us assurance that you will not misuse it.
Myth’s about Phishing among Computer Geeks and Hackers
1. Almost each and every Hacker or computer Geek, thinks that Phishing attempt can be detected by just having a look on the URL. Let me tell you friends it was old days when you recognize Phishers by seeing URL’s. But nowadays recent development in Cross site scripting(XSS) and Cross site Script forgery has made it possible that we can embed our scripts in the URL of famous websites, and you must know scripting has no limitations. Below are some examples that you can do from scripting:
a. Embed a Ajax Keylogger into the main URL and user clicks on the URL, keylogger script will get executed and all the keystrokes of the user will get record.
b. Spoof the fake URL: If you are little bit good in scripting and web browser exploits recognition then this can be easily done. What you need to do you need to write a script which will tell web browser to open fake page URL whenever user opens some website like Facebook. Just you need to manipulate the host file and manipulate the IP address of that website from Host file(found in windows folder).
c. Simply retrieving the information saved in the web browser like saved passwords, and bookmarks etc. Just need to write a script which will explore the locations in Windows user profile (where actually the stored information of web browsers saved).
2. One biggest myth, when you enter the data into the fake page, it will show either some warning message or show login information is incorrect. Rofl, new phishers are bit smart, now they don’t show warning messages, when you login through fake page. They will actually login you into your account, and simultaneously at the back end they will steal your information using batch scripts.
So friends i think this is enough back ground about new phishing technologies. Let’s learn how to make a basic Phisher of any website in less than one or two minutes.
Steps to make your own Phisher:
1. Open the website Login or Sign in page whose phisher you want to make. Suppose you pick Gmail.
2. Right click to view the source and simultaneously open notepad.
3. Copy all the contents of the source into the notepad file.
4. Now you need to search for word action in the copied source code. You will find something like below:
Create A Phishing Page
| Manipulate action and method |
Now in this line you need to edit two things, first method and then action. Method Post is used for security purposes which encrypts the plain text, so we need to change it to GET.
Action field contains the link to next page, where it should go when you click on login or press enter. You need to change it to something.php (say lokesh.php).
6. Now open the Notepad again and paste the below code in that:
| Batch script for Phisher |
7. Location contains the next page URL, where you wish to send to user and passwords.html will contains the passwords.
8. Now save this file as lokesh.php as told in step number 4.
9. Now create an empty file and name it as passwords.html, where the password get stored.
10. Upload all the three file to any web server and test it.
Note: In case of facebook, it will show error after user login, for that you need to use tabnabbing trick.
Note: Always keep the extension correct, otherwise it will not work. So always use save as trick rather than save otherwise it will save files as lokesh.php.txt.
That’s all from my side today, I hope you all enjoyed this article..
If you have any issues ask me in form of comments..