Password phishing can result in enormous loss of identity and users' confidential details. This can result in financial losses for users and can also prevent them from accessing their own accounts.
In this article, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and get the account password.
Facebook password phishing
Here, we will see how an attacker can take advantage of manipulating the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.
First, we need to set up a phishing page.
You need not be an expert in web programming. You can easily Google the steps for preparing a phishing account.
- To create a phishing page, first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as…. Then, make sure that you choose a complete page from the drop-down menu.
- The output should be an .html file.
- Now let's extract some data here. Open the Phishing folder from the code files provided with this book. Rename the Facebook HTML page index.html.
- Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
- You will see that I have added a login.php page in the same Phishing directory. If you open the file, you will find the following script:
$value)
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
As soon as our target clicks on the Log In button, we will send the data as a GET request to this login.php and we will store the submitted data in our passwords.txt file; then, we will close it.
- Next, we will create the passwords.txt file, where the target credentials will be stored.
- Now, we will copy all of these files into /var/www and start the Apache services.
- If we open the index.html page locally, we will see that this is the phishing page that the target will see.
Let us recap very quickly: what will happen when the target clicks on the Log In button? As soon as our target clicks on the Log In button, the target's credentials will be sent as GET requests to login.php. Remember that this will happen because we have modified the action parameter to send the credentials to login.php. After that, login.php will eventually store the data in the passwords.txt file.
Now, before we start the Apache service, let me make sure that we get an IP address.
- Enter the following command:
ifconfig eth0
You can see that we are running on 10.10.10.100, and we will also start the Apache service using:
service apache2 start
- Let's verify that we are listening on port 80, and that the service that is listening is Apache:
netstat -antp | grep "80"
Now, let's jump to the target side for a second.
In our previous section, we used google.jo in our script. Here, we have already modified our previous script to redirect the Facebook traffic to our attacker machine. So, all our target has to do is double-click on the EXE file. Now, to verify:
- Let us start Wireshark and then start the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.facebook.com/:
Once we do this, we're taken to the phishing page instead. Here, you will see the destination IP, which is the Kali IP address. So, on the target side, once we are viewing or hitting https://www.facebook.com/, we are actually viewing index.html, which is set up on the Kali machine. Once the victim clicks on the login page, we will send the data as a GET request to login.php, and we will store it into passwords.txt, which is currently empty.
- Now, log into your Facebook account using your username and password, then jump on the Kali side and see if we get anything in the passwords.txt file. You can see it is still empty. This is because, by default, we have no permission to create files. Now, to fix this, we will give all files full privilege, that is, to read, write, and execute:
chmod -R 777 /var/www/
Note that we did this since we are running in a VirtualBox environment. If you have a web server exposed to the public, it is bad practice to give full permission to all of your files due to privilege escalation attacks, as an attacker may upload a malicious file or manipulate the files and then browse to the file location to execute a command on his own.
- Now, after giving the permission, we will stop and start the Apache server just in case:
service apache2 stop
service apache2 start
- After doing this modification, go to the target machine and try to log into Facebook one more time. Then, go to Kali and click on passwords.txt. You will see the submitted data from the target side, and we can see the username and the password.
In the end, a good sign of phishing activity is the missing https sign.
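A second indicator follows from the redirect seen in the capture above, where a public site name led to 10.10.10.100. The following is an added example, not code from the original article: it scans hosts-format name mappings for public-looking names pinned to private, loopback or link-local addresses. That the override lives in a hosts-format file is an assumption (the article does not say where the record is changed), and the sample entries and internal suffix list are constructed.

```python
import ipaddress

# Constructed sample in hosts-file format: an address, then one or more names.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
10.10.10.100   www.facebook.com facebook.com   # constructed entry
192.168.1.20   nas.lan
"""

# Assumed list of suffixes that are expected to resolve to internal addresses.
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")

def parse_hosts(text):
    """Yield (ip, name) pairs from hosts-format text, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, skip the line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def is_public_name(name):
    """Treat dotted names outside the internal suffixes as public."""
    return "." in name and not name.endswith(INTERNAL_SUFFIXES)

def find_overrides(text):
    """Return (name, ip) where a public-looking name maps to non-routable space."""
    hits = []
    for ip, name in parse_hosts(text):
        if is_public_name(name) and (ip.is_private or ip.is_loopback
                                     or ip.is_link_local):
            hits.append((name, str(ip)))
    return hits
```

Deliberate sinkhole entries (for example ad-blocking lists that point public names at loopback) are reported as well, so review hits against known local policy.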