Password Phishing can final result in huge reduction of identification and user’s private aspects. This could outcome in fiscal losses for end users and can also avert them from accessing their very own accounts.
In this post, we will see how an attacker can take gain of manipulating the DNS history for Facebook, redirect website traffic to the phishing page, and seize the account password.
Facebook password phishing
In this article, we will see how an attacker can consider gain of manipulating the DNS report for Facebook, redirect targeted traffic to the phishing page, and get the account password.
1st, we need to have to set up a phishing webpage.
You need to have not be an skilled in internet programming. You can simply Google the actions for getting ready a phishing account.
- To generate a phishing web site, 1st open your browser and navigate to the Facebook login web site. Then, on the browser menu, click on File and then on Help save webpage as…. Then, make certain that you choose a finish web page from the drop-down menu.
- The output should really be an .html file.
- Now let us extract some details here. Open the Phishing folder from the code information provided with this book. Rename the Facebook HTML website page index.html.
- Inside of this HTML, we have to alter the login sort. If you lookup for motion=, you will see it. Here, we modify the login type to redirect the request into a personalized PHP webpage called login.php. Also, we have to alter the ask for system to GET rather of Post.
- You will see that I have added a login.php page in the identical Phishing directory. If you open the file, you will locate the subsequent script:
$benefit) fwrite($tackle, $variable) fwrite($tackle, "=") fwrite($manage, $worth) fwrite($take care of, "rn") fwrite($deal with, "rn") fclose($manage) exit ?>
As shortly as our focus on clicks on the Log In button, we will send the information as a GET ask for to this login.php and we will retail store the submitted facts in our passwords.txt file then, we will shut it.
- Subsequent, we will make the passwords.txt file, wherever the concentrate on qualifications will be stored.
- Now, we will copy all of these data files into varwww and get started the Apache providers.
- If we open the index.html website page domestically, we will see that this is the phishing site that the target will see.
Let’s recap seriously promptly what will transpire when the concentrate on clicks on the Log In button? As soon as our target clicks on the Log In button, the target’s credentials will be sent as GET requests to login.php. Remember that this will materialize due to the fact we have modified the action parameter to mail the qualifications to login.php. Right after that, the login.php will eventually retail outlet the data into the passwords.txt file.
Now, ahead of we start off the Apache companies, enable me make guaranteed that we get an IP handle.
- Enter the next command:
You can see that we are functioning on 10.10.10.100 and we will also begin the Apache services working with:
services apache2 start off
- Let’s validate that we are listening on port 80, and the provider that is listening is Apache:
netstat -antp | grep "80"
Now, let us soar to the goal facet for a second.
In our former section, we have applied google.jo in our script. Right here, we have presently modified our preceding script to redirect the Facebook website traffic to our attacker equipment. So, all our focus on has to do is double-click on on the EXE file. Now, to verify:
- Enable us commence Wireshark and then begin the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.fb.com/:
The moment we do this, we’re taken to the phishing page as a substitute. Right here, you will see the vacation spot IP, which is the Kali IP deal with. So, on the concentrate on facet, once we are viewing or hitting https://www.fb.com/, we are generally viewing index.html, which is set up on the Kali equipment. Once the victim clicks on the login webpage, we will send the facts as a GET request to login.php, and we will store it into passwords.txt, which is at present vacant.
- Now, log into your Fb account employing your username and password. and jump on the Kali facet and see if we get anything at all on the passwords.txt file. You can see it is even now empty. This is since, by default, we have no authorization to generate data. Now, to take care of this, we will give all data files whole privilege, that is, to read through, generate, and execute:
chmod -R 777 /var/www/
Take note that we created this, since we are functioning in a VirtualBox natural environment. If you have a world-wide-web server uncovered to the community, it is negative follow to give complete permission to all of your information thanks to privilege escalation assaults, as an attacker may possibly add a destructive file or manipulate the data files and then browse to the file area to execute a command on his individual.
- Now, soon after providing the permission, we will cease and get started the Apache server just in circumstance:
provider apache2 end service apache2 start
- Immediately after undertaking this modification, go to the focus on equipment and try to log into Fb one particular much more time. Then, go to Kali and simply click on passwords.txt. You will see the submitted details from the target aspect, and we can see the username and the password.
In the conclude, a great indication for a phishing exercise is missing the https signal.