Create Website Clones using Kali Linux.
Hello readers,In this tutorial, I'm going to show you how to create a Phishing page and also How to do Phishing Attack. In this tutorial, I'll teach you to step by step explanation of creating an advance Phishing Page. So before reading this blog i would like you all to read my previous blogs related to Hacking CREATE PHISHING PAGE STEP BY STEP STEP 1 - FRIST GO TO YOUR BROWSER AND GO ANY WEBSITE TO MAKE A PHISHING PAGE STEP 2 - INSPECT YOUR PAGE PAGE INFO MENU STEP 3 - COPY ALL HTML CODE AND PASTE YOUR. STEP 6 – DOWNLOAD YOUR TOOLS.
Today's Post Is Really Very Interesting Because In This Post, I am going to show you how you can Create a login page clone by using KALI LINUX .
So, let's Start Today's Tutorial With Some Basic Queries.
Q 1. What Is Website Cloning?
Ans. Website Cloning Is a Process In Which A User Or Program Create Duplicate Copy Of Any Specified Webpage That's Completely Looks And Behave Similarly like Original Page. In This Process, A User Can Use Any Cloning Programme Or Can Also Do Manually. Basically, In This Concept We Copy Html Codes From Original Site And Do Some Editing In Source Codes To Full Fill Our Requirements.
Q 2. Why Hacker's Use Website Cloning Concept?
Ans. Well, With The Help Of This Concept A Hacker Can Create Duplicate Copy of Original Site To Interact With Victim In Place Of Original Site That Can Cause Victim Data leak Or fraud. This Duplicate Webpage Trap is also called Phishing Page. Website Cloning Also Helps Hacker's To Find Vulnerability In Website Source Code. In Short, Website Cloning allow user to Collecting Different Types Of Source Code Information Without Visiting Real Website Again and Again Because All Websites logs client IP address that can cause big problem for hackers.
Now, Let me show you practical example of website cloning.
For Website Cloning Basically We Needs 3 Things
1. Kali Linux (Because Kali linux Come With Pre-installed Website Cloning Tool)
2. Internet Connection (Very Important!! )
3. Victim Website Url (Original Source Code)
How We Will Do it?
Here, For Practise Purpose We will try to create a Clone Page That's Will Look And Behave Like Login Page For Collecting Victim Confidential Data Using Kali Linux Social Engineering Toolkit.
Basically, We Will Redirect Victim Browser To Our Set-up Duplicate Server. This Duplicate Server Will Host Our Specified Cloned Webpage That Interact And Behave Like Original And One Of The Best Feature Of This Page is, This Page Will Save Victim Login Data In Our Local Drive Instead Of Posting data To Original Server.
NOTE : THIS TUTORIAL IS ONLY FOR EDUCATIONAL AND SECURITY PURPOSE ONLY.IF YOU MISUSE OR MISTREAT THE ABOVE INFORMATION,THEN IT CAN BRING UNLAWFUL CHARGES BY THE PERSON ON WHOM YOU SET THIS TRAP.THE AUTHOR WILL NOT BE RESPONSIBLE IN THE EVENT ANY UNLAWFUL CHARGES ARE BROUGHT TO YOU BY ANY INDIVIDUALS BY MISUSING THE ABOVE INFORMATION.WE WON'T TAKE RESPONSIBILITY FOR ANY OF YOUR ACTION RELATED TO ABOVE INFORMATION.
Now lets start.
Open terminal using Ctrl+Alt+t or click on the small black window image on the top left of your screen. Once terminal Open, type Below code carefully.
Phishing Page Maker
This Command Will Show You Your IP Address. Note Your IP Address.
Now in Next step, open social engineering toolkit.
To Open Social Engineering Toolkit type below command in terminal.
You will see something in terminal of your system as shown below in the Image
Now, As shown in the image below type 'y' if you also faced this message
Now, You will see main menu of Social Engineering Toolkit
As shown above in image, Press '1' and hit enter as we are going to do Social-Engineering Attacks.
Once again,you will get a menu similarly like as shown above in the image. There You Need To press '2' and hit enter Because We are going to Use Website Attack Vectors,
Now, Again In Third Menu ... We Will Select 'credential Of Victim' Because Basically In this method,we are going to steal the credential of the victim so press ' 3' and hit enter as it will select credential harvester attack method.
Then, You will See new menu as shown below in the image.
Since,we want to capture user name and password which is credential of victim,
so we need to trap the victim in a Duplicate page Of original website page(like phishing page) and for that we need to clone a webpage.
To do Site Cloning,
press '2' and hit enter which will open something like shown below.
In above image,you might have noticed a green colour rectangle box made by me, In this
Phishing Page Creator
box you will find a message saying 'tabnabbing:Your IP Address' where you need to enter your ip address. (For IP address type 'ifconfig' Or check starting of this tutorial.)Please note that if you don't put your computer IP address Correctly. This method won't work.
So, After entering your Correct IP address, hit enter.
Now It will ask you to enter the url of webpage that you want to clone as shown
below.
Here, i had entered 'http://www.facebook.com' as i want to steal someone Facebook account Data.
Phishing Website Maker
It will give a message that its working on cloning the site and will take a little bit time.
After the process is completed.
The next step is the most important step.
Now, We will Create A Server That Will Handle Our All Hosting Problems Automatically
and Also make our IP address online available.
In Short This Server Will Handle Client Browser who visit Our IP address, will see our cloned page which will look like Original Website. In this step, To Increase Your Success Probability I Will Suggest you to shortened your IP address by using services like ADF.LY, Binbox, Goo.gl,etc. Once you enter your ip address on these sites to shorten, they will provide you a short link, then all you need to do is just send this shortened link to your victim.
When the victim visit the url which you have sent them,the will see a same page of which
url you had entered to clone the website.
The victim will think that it is a original page
and when the victim enters any of their information,you will see that information in the
/var/www/harvester path as screen shot given below.
After Opening This Txt File you Will See Username and Password in format as given below
In this example, I used facebook.com. But You Can Use Any Other as Your Requirements.
Cloning/Phishing Tutorial Complete!
Written By
Ever heard about Phishing page and Phishing Attack? Today I’m going to show you how to create a Phishing page & How to do Phishing Attack step by step full tutorial. So, do you know
Table Of Content
- 1 What is Phishing Page?
- 1.3 How to make a php script?
This Tutorial is for Education Purpose only!!!
Phishing is a technique by which we create a similar web page(Phishing Page) to the original one. In this technique, we copy original website page code and do some changes to it. Then upload it to the hosting and access it from anywhere.
Here is the list of things that you will learn from this post
- How to copy the code from the original website
- How to do some changes in this code
- How to make a php script
- How to upload it to the Hosting
- and a lot more !!!
Umm!!! Interested to read further ?? I’m sure you will like this tutorial and you want this tutorial. 😛
DON’T MISS:- web.whatsapp.com Hack Tutorial Step by Step Explanation
How to copy the code from the original website
Open a website of which Phishing page do you want then press ctrl+U to open its source code file. For ex:- I’m copying the code of Facebook.com and then I will make a facebook phishing page. Well, this is what which you want …Right!! 😛
So I’m copying the source code from Fcaebook.com by pressing ctrl+U. You can see here the source code from Facebook.com is shown here.
The only thing you have to do is to select all code and then copy this code by pressing ctrl+A and then ctrl+C and then open a notepad file and paste it there by pressing ctrl+V.
You can see here I pasted down the whole code from website to my notepad file.
How to do some changes in this code?
Now, you have to find this line by pressing ctrl+F and type this whole line there and press Enter.
action=”https://www.facebook.com/login.php?login_attempt=1&lwv=110″ method=”post”
Let’s do some changes, You can see the path of Facebook is shown here. Copy this whole path and replace it with login.php and also change the method from post to get. and save this notepad file with the name fb.html.
How to make a php script?
Do you know Php Language? Well, If you don’t know anything about Php Language then no problem but in the future, I recommend you to learn this language. So, I’m giving you a PHP code which will save the username password which is entered on our fb.html page. and it also saves different username and password to a new line. When the victim enters his username and password to it then this PHP script will redirect that user to the original Facebook page.
So, here’s the Php script
<?php
header(“Location: https://www.facebook.com”);
$handle = fopen(“logs.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>
Just copy this script and paste it down to your notepad file and then save this file with a name hack.php
One more thing creates a blank notepad file with a logs.txt name on which victim’s usernames and password will save.
Now, you have three notepad files one is none.html and second is login.php and third is logs.txt. Just copy all files and save it to a new folder.
How to upload Facebook Phishing Page to the Hosting?
Let Understand what is Hosting and Domain. To open a website we must have a domain, hosting. So, Domain is the name of our website. For ex :- I have Hackingblogs.com This is my domain. and the location where this domain has parked this location is known as hosting.
Still Confused!! Let’s Understand with an Example, Whenever we open a new store then we have to decide two things
- Store’s Name
- Land/room
Similarly, For opening a website we need Domain for a website which is unique. and the second one is the land which is hosting on the Internet. Hosting and Domain are paid and some websites also provide this hosting and domain at free of cost.
Here’s the list of Free hosting providers website.
- and many more…
Phishing Page Maker Tool Online
I’m using 000webhost here. So, open this website and do sign up there. In the field of a website, name leaves it blank.
Phishing Page Maker Tools
and now you have to take a domain which looks similar to Facebook. If you don’t know about creating a similar word the same as the original one. Check my earlier post.
I’m sharing some website link which provides free domains.
Facebook Phishing Page Download
You can use any of them to register a domain for free. Now, come to the hosting. You can use any of the websites. Now, the post is becoming so long so, at 29 April I will upload Its second part in which I will show you how to attach domain and hosting and also tell some tricks which nobody tells you. 🙂 So, do subscribe to the new post. Good Bye 🙂
Phishing Page Maker Tool Download
This is the Second Part:- How to Upload a Phishing page on Hosting | Phishing Page Part 2