Today, we will do this by creating a fake Gmail or Orkut login page. First of all, you need a web hosting account. There are so many free web hosting services available like www.t35.com, www.0fees.net, www.110mb.com, www.zymic.com and so on. You can choose any of them. While you sign up, just make sure your web host provides PHP support. Let's say you have opened a website called www.xyz.t35.com.
Create a file named 'login.php'. Make sure it's not login.php.txt. Most people make it wrong as login.php.txt as they create it by notepad. Be sure it's only login.php. In login.php, write the code below:
Go to www.mail.google.com and view it's source code (ctrl + u). Copy the whole source code and paste it in notepad. Press Ctrl + f and search for action="https://www.google.com/accounts/ServiceLoginAuth" and replace it with action="login.php".
Again search for action="https://www.google.com/accounts/ServiceLoginAuth" and replace it with action="login.php".
Save the notepad file as index.html. Now, upload login.php and index.html to your web hosting account. You are ready now to steal other's Gmail user id and password. Send your website link (we supposed it as www.xyz.t35.com) to your victim and convince him/her to login through that site. When your victim will try to login with his/her user id and password, you open the link www.xyz.t35.com/gmail.htm. Your victim's user id and password will be appear on your screen.
You can make a fake login page of Orkut also. This whole procedure is same for Orkut. Just, when you copy the source code of mail.google.com, instead it, copy the source code of www.orkut.com. Follow this same procedure and you're ready to go.
NOTE:
- This blog post is purely for learning purpose.
- Phishing is illegal. If you are accused of phishing, it can cause you imprisonment.
- You may not be able to use your web hosting account for long period as phishing scripts are prohibited to host.
No comments:
Post a Comment