Password Phishing can result in large reduction of identity and user’s private particulars. This could result in economic losses for consumers and can also stop them from accessing their own accounts.
In this short article, we will see how an attacker can choose benefit of manipulating the DNS history for Fb, redirect targeted visitors to the phishing website page, and grab the account password.
Fb password phishing
Here, we will see how an attacker can acquire advantage of manipulating the DNS history for Fb, redirect visitors to the phishing site, and seize the account password.
Initial, we will need to set up a phishing website page.
You want not be an expert in web programming. You can quickly Google the steps for getting ready a phishing account.
- To make a phishing website page, to start with open your browser and navigate to the Facebook login website page. Then, on the browser menu, click on File and then on Preserve page as…. Then, make confident that you pick a full site from the fall-down menu.
- The output should be an .html file.
- Now let’s extract some knowledge here. Open the Phishing folder from the code information offered with this e book. Rename the Fb HTML page index.html.
- Inside of this HTML, we have to adjust the login kind. If you lookup for action=, you will see it. Below, we transform the login variety to redirect the request into a customized PHP webpage named login.php. Also, we have to alter the request process to GET instead of Article.
- You will see that I have extra a login.php website page in the exact Phishing listing. If you open the file, you will discover the next script:
$value) fwrite($deal with, $variable) fwrite($handle, "=") fwrite($take care of, $price) fwrite($tackle, "rn") fwrite($tackle, "rn") fclose($manage) exit ?>
As soon as our concentrate on clicks on the Log In button, we will send the knowledge as a GET request to this login.php and we will retail store the submitted information in our passwords.txt file then, we will shut it.
- Following, we will produce the passwords.txt file, where the concentrate on qualifications will be stored.
- Now, we will duplicate all of these data files into varwww and commence the Apache solutions.
- If we open up the index.html webpage locally, we will see that this is the phishing web page that the goal will see.
Let’s recap actually speedily what will materialize when the target clicks on the Log In button? As soon as our target clicks on the Log In button, the target’s qualifications will be sent as GET requests to login.php. Keep in mind that this will materialize due to the fact we have modified the motion parameter to mail the credentials to login.php. Just after that, the login.php will finally retail outlet the data into the passwords.txt file.
Now, ahead of we commence the Apache providers, let me make certain that we get an IP tackle.
- Enter the subsequent command:
You can see that we are operating on 10.10.10.100 and we will also begin the Apache services employing:
support apache2 start off
- Let us validate that we are listening on port 80, and the provider that is listening is Apache:
netstat -antp | grep "80"
Now, let us bounce to the target facet for a 2nd.
In our prior part, we have employed google.jo in our script. Listed here, we have previously modified our preceding script to redirect the Facebook targeted traffic to our attacker equipment. So, all our concentrate on has to do is double-click on the EXE file. Now, to confirm:
- Enable us start off Wireshark and then get started the seize.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open up the browser and navigate to https://www.facebook.com/:
The moment we do this, we’re taken to the phishing web page rather. Listed here, you will see the location IP, which is the Kali IP address. So, on the target facet, when we are viewing or hitting https://www.fb.com/, we are in essence viewing index.html, which is set up on the Kali equipment. Once the sufferer clicks on the login website page, we will ship the information as a GET ask for to login.php, and we will keep it into passwords.txt, which is currently empty.
- Now, log into your Facebook account applying your username and password. and jump on the Kali facet and see if we get everything on the passwords.txt file. You can see it is nevertheless empty. This is simply because, by default, we have no permission to produce knowledge. Now, to fix this, we will give all data files full privilege, that is, to browse, publish, and execute:
chmod -R 777 /var/www/
Take note that we built this, due to the fact we are functioning in a VirtualBox ecosystem. If you have a net server uncovered to the general public, it’s bad follow to give full authorization to all of your information owing to privilege escalation assaults, as an attacker may possibly upload a malicious file or manipulate the documents and then look through to the file area to execute a command on his personal.
- Now, following providing the authorization, we will cease and begin the Apache server just in scenario:
services apache2 end assistance apache2 commence
- After carrying out this modification, go to the goal machine and try to log into Facebook a person far more time. Then, go to Kali and click on passwords.txt. You will see the submitted data from the focus on side, and we can see the username and the password.
In the close, a great sign for a phishing action is lacking the https sign.