First we create a PHP script that will save the passwords in a text file.
1.) Open notepad and put this code:
2.)Now save this as phish.php
header ('Location: http://www.hi5.com/friend/login.do ');
This URL is where the victim is redirected after logging in to you fake page.
The best way to do this is to go to the original site(in this case hi5) and try to login without username and password.Of course then the site will tell you that the username/password incorrect.Now copy that url and paste in that part of the phish.php script.As you can see the hi5 has got "http://www.hi5.com/friend/login.do"
Now we have succesfully created the script that will save the password in a text file which will be later used to see logged victim password's.
Now we go to http://www.hi5.com and right click / View Source.
Now we need to find the place where LOGIN button in Hi5 page send the user after clicking on it.
To do that we search for something like:
In this case we have:
We replace that part with:
Then we copy the whole source and save this file as login.php.
Now upload these 2 files(login.php and phish.php) to a webhost that supports PHP and you ready to go.Just give your victim the link to your Login.php file and every time they login that php script will create a file titled passwords.txt in the same directory as login.php and phish.php.Just open the password.txt and you will see the passwords.
The phishing link should be something like this:
http://something.awardspace.com/login.php ---> Send this to your victim
And the txt file with the passwords like this:
http://something.awardspace.com/passwords.txt ---> View the passwords with this one.
thanks to messblack
dont join messblack
mess black share your private information with other hackers !