Facebook password phishing with DNS manipulation [Tutorial]
Password phishing can result in massive loss of identity and users' confidential details. This could result in financial losses for users and can also prevent them from accessing their own accounts.
In this article, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.
Facebook password phishing
Here, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.
First, we need to set up a phishing page.
You need not be an expert in web programming. You can easily Google the steps for preparing a phishing account.
- To create a phishing page, first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as…. Then, make sure that you choose a complete page from the drop-down menu.
- The output should be an .html file.
- Now let us extract some data here. Open the Phishing folder from the code files provided with this book. Rename the Facebook HTML page index.html.
- Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
- You will see that I have added a login.php page in the same Phishing directory. If you open the file, you will find the following script:
$value) fwrite($handle, $variable) fwrite($manage, "=") fwrite($take care of, $value) fwrite($cope with, "rn") fwrite($handle, "rn") fclose($handle) exit ?>
As soon as our target clicks on the Log In button, we will send the data as a GET request to this login.php and we will store the submitted data in our passwords.txt file; then, we will close it.
- Next, we will create the passwords.txt file, where the target credentials will be stored.
- Now, we will copy all of these files into /var/www and start the Apache services.
- If we open the index.html page locally, we will see that this is the phishing page that the target will see.
Let us recap really quickly: what will happen when the target clicks on the Log In button? As soon as our target clicks on the Log In button, the target's credentials will be sent as GET requests to login.php. Remember that this will happen because we have modified the action parameter to send the credentials to login.php. After that, login.php will eventually store the data into the passwords.txt file.
Now, before we start the Apache services, let me make sure that we get an IP address.
- Enter the following command:
You can see that we are running on 10.10.10.100 and we will also start the Apache service using:
service apache2 start
- Let's verify that we are listening on port 80, and the service that is listening is Apache:
netstat -antp | grep "80"
Now, let us jump to the target side for a second.
In our previous section, we have used google.jo in our script. Here, we have already modified our previous script to redirect the Facebook traffic to our attacker machine. So, all our target has to do is double-click on the EXE file. Now, to verify:
- Let us start Wireshark and then start the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.facebook.com/:
When we do this, we're taken to the phishing page instead. Here, you will see the destination IP, which is the Kali IP address. So, on the target side, once we are viewing or hitting https://www.facebook.com/, we are actually viewing index.html, which is set up on the Kali machine. Once the victim clicks on the login page, we will send the data as a GET request to login.php, and we will store it into passwords.txt, which is currently empty.
- Now, log into your Facebook account using your username and password, then jump to the Kali side and see if we get anything in the passwords.txt file. You can see it is still empty. This is because, by default, we have no permission to write data. Now, to fix this, we will give all files full privilege, that is, to read, write, and execute:
chmod -R 777 /var/www/
Note that we did this since we are running in a VirtualBox environment. If you have a web server exposed to the public, it's bad practice to give full permission to all of your files due to privilege escalation attacks, as an attacker may upload a malicious file or manipulate the files and then browse to the file location to execute a command on his own.
- Now, after giving the permission, we will stop and start the Apache server just in case:
service apache2 stop
service apache2 start
- After doing this modification, go to the target machine and try to log into Facebook one more time. Then, go to Kali and click on passwords.txt. You will see the submitted data from the target side, and we can see the username and the password.
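For the permission caveat above, an added example (not code from the original article) that audits a web root for world-writable entries and tightens them to 0755 for directories and 0644 for files. The temporary tree and its file names are constructed to mirror the lab layout; the target modes are an assumption about a typical static web root.

```python
import os
import stat
import tempfile


def find_world_writable(root):
    """Return sorted paths under root whose mode has the other-write bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)


def tighten(root):
    """Reset world-writable entries to 0755 (dirs) or 0644 (files)."""
    changed = 0
    for path in find_world_writable(root):
        os.chmod(path, 0o755 if os.path.isdir(path) else 0o644)
        changed += 1
    return changed


def demo():
    """Build a constructed web root left at mode 777, audit it, then fix it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.html", "login.php", "passwords.txt"):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, 0o777)
        os.chmod(root, 0o777)  # same effect as chmod -R 777 on the tree
        before = len(find_world_writable(root))
        changed = tighten(root)
        after = len(find_world_writable(root))
        return before, changed, after


if __name__ == "__main__":
    print(demo())
```

If one file really must be writable by the web server, give that single file to the server's user instead of opening the whole tree.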
Finally, a good indicator of phishing activity is a missing https sign.
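The Wireshark observation above, where www.facebook.com is served from 10.10.10.100, can be turned into a detection rule: a watched public domain should never resolve to an internal address. The following is an added example, not part of the original article; the log format, the watched-domain list and the sample lines are constructed assumptions.

```python
import ipaddress

# Ranges a public site should never resolve to (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

WATCHED = {"facebook.com"}  # assumption: public domains worth monitoring

# Constructed sample in a hypothetical "time client qname type answer" format.
# 203.0.113.10 is a documentation-range placeholder for a public address.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.10.10.50 www.facebook.com A 203.0.113.10
2024-01-01T10:00:07 10.10.10.51 www.facebook.com A 10.10.10.100
2024-01-01T10:00:09 10.10.10.51 intranet.example.local A 10.10.10.20
2024-01-01T10:00:12 10.10.10.52 notfacebook.com A 10.10.10.100
malformed line
"""


def is_watched(qname, watched=WATCHED):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in watched)


def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def find_redirected(log_text):
    """Return (client, qname, answer) for watched names answered internally."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "A":
            continue  # skip malformed lines and non-A records
        _ts, client, qname, _rtype, answer = parts
        if is_watched(qname) and is_internal(answer):
            hits.append((client, qname, answer))
    return hits


if __name__ == "__main__":
    for hit in find_redirected(SAMPLE_LOG):
        print("suspicious resolution:", hit)
```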