Wednesday, 16 February 2011

PHISHING

After a long time, here I am, back in action. This time we will look at how phishing works.

Q. What is phishing?
Ans. In my terms, phishing means creating a clone of a web page to get the account details (e.g. user name and password) of people who log in on it, thinking that they are logging in to the same site they registered with. For more information on the topic, see http://en.wikipedia.org/wiki/Phishing.

Note:
Before we start, I want to clarify that this tutorial is for educational purposes only. I am not responsible for how you use the following information. I use Gmail to teach how phishing works (if this post is affecting any of Google's services, please let me know and I will remove this post).

Whenever we tell people that we are hackers, they react with "OK, so what is my mail password?" or "Can you hack the password of the following ID?"
Sometimes they ask us: some sites on the Internet provide the password of any ID that we want, so what security is there on the Internet? Everyone should know that hacking passwords is not that simple, or it is really as simple as 1-2-3, depending on the method you use to hack or crack the password.

Here is a fake Gmail page for a phishing attack. We use a process.php file to receive the target's user ID and password by mail.
1. Download only the web page that you want to create a phishing page of, e.g. Gmail (see Pic_1.0). Save it as Gmail.html.


2. Create a PHP file to get the desired user name and password via mail (see Pic_1.1), or get the source code from my download box.

3. Now find the user name and password tag ids in the Gmail.html file. E.g. for Gmail, the user name id = "Email" and the password id = "Passwd" (see Pic_1.2 & 1.3).

4. Now replace the code in your process.php file: ($user = $_POST['Email'];) and, for the password, ($pass = $_POST['Passwd'];), that is, $_POST["here we fill target id"].

5. Next, check where the page redirects after the credentials are submitted. For that, we need to find the action URL in Gmail.html (see Pic_1.4).

6. Copy from "http" to the end, e.g. in Gmail.html "https://www.google.com/accounts/ServiceLoginAuth". That is the code we will use in the last line of our process.php script: "header("location:https://www.google.com/accounts/ServiceLoginAuth");"

7. At the same time, in Gmail.html, change the action URL to forward the details to process.php, so in Gmail.html the code will look like this (e.g. see Pic_1.4.1).

8. Now, in the 3rd line of process.php, after "$to = '", fill in the email id where you want to receive the victim's user name and password, e.g. abc@xyz.com, so your line will be "$to = 'abc@xyz.com';"
9. In the fourth line, "$subject = ", type the subject that you want to receive (e.g. $subject = 'Gmail Details';).
10. Don't change the other script code.
11. The phishing.php page is complete. (See Pic_1.5.)

12. Upload the Gmail.html and process.php files to a PHP-enabled web hosting service provider and forward the Gmail.html URL to the victim. Whenever the user fills in the details on that page, we get the user name and password via mail. After upload, this is how the fake page looks.


* How to know that you are not the victim? *
Phishing is the most popular way to get a victim's login details. With the above method we saw how a phishing page of Gmail can be created; in the same manner, a fake login page can be created for any website. So this tutorial is for knowing how to protect ourselves from being a victim of others.
1. Check the URL before login (see Pic_2.1). You will see that the login page URL is different from the original login URL (e.g. for Gmail the URL will be https://mail.google.com and so on, but on the fake page you get a different domain name).
2. The fake page does not provide https login (see Pic_2.1).
3. Use anti-phishing toolbars.
4. Use password-saving tools, e.g. RoboForm; that is the best way to avoid phishing as well as keyloggers.
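
Checks 1 and 2 above (page address and https), extended to where the password form actually posts, as an added Python example that is not part of the original post. The allowlist, the function and class names and the two sample pages are assumptions constructed for illustration; https alone does not identify a site, so the check requires https and an exact host match together.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: allowlist built from the two genuine hosts quoted in the post.
TRUSTED_HOSTS = {"mail.google.com", "www.google.com"}

def is_trusted_url(url):
    """True only for an https URL whose exact hostname is allowlisted."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:          # malformed URL: treat as untrusted
        return False
    return parts.scheme == "https" and host in TRUSTED_HOSTS

class LoginFormFinder(HTMLParser):
    """Collects the action attribute of every form holding a password input."""
    def __init__(self):
        super().__init__()
        self.actions, self.action, self.has_password = [], None, False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.action, self.has_password = attrs.get("action") or "", False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.action is not None:
            if self.has_password:
                self.actions.append(self.action)
            self.action = None

def check_login_page(page_url, html):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not is_trusted_url(page_url):
        findings.append("page is not https on a trusted host: " + page_url)
    finder = LoginFormFinder()
    finder.feed(html)
    for action in finder.actions:
        target = urljoin(page_url, action)   # resolve relative actions
        if not is_trusted_url(target):
            findings.append("password form posts to: " + target)
    return findings

# Constructed samples (not captured pages): a genuine-style form and a saved clone.
GENUINE = ("https://mail.google.com/", '<form action="https://www.google.com/accounts/ServiceLoginAuth"><input id="Passwd" type="password"></form>')
CLONE = ("http://freehost.example/Gmail.html", '<form action="process.php"><input id="Passwd" type="password"></form>')
```

Calling `check_login_page(*CLONE)` reports both the untrusted page address and the relative `process.php` form target, while the exact-host comparison also rejects lookalike addresses that merely begin with a trusted name.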

By Anish M.