Forum Thread: The Best Way to Use Phlishing to Get Facebook Credentials.

I'll say something that might be the best way to snatch the credentials of your victim but i do not know how to execute it. Pros of NullByte, please shed some insight. Here is the method

If straight away you clone a facebook login page and send it to your victim they will understand its a trap and will not login to it and you will not get the credentials.

Then how to make them enter their ID and password to our phlishing site?

Notice how alot of webpages, polls, voting and all use your facebook/google account to authenticate them?

Check this webpage Here, this page is an actual voting page. And the 'proceed' when clicked will gives a facebook login pop up. So am thinking if you could edit the source code of the page and make the proceed button give our phlishing page, it will be one of the best ways to use the 'phlishing' attack

* Am not telling you should edit the above page itself, i just took it as an example,

What i meant is editing the source code of any page that use facebook login and making the 'procced' buton the phlishing page

Is it possible?

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

7 Responses

Yes, it is. You have to redirect it to the phished page instead of original one. But that should be difficult.

-The Joker

Any idea what to edit in the source code to do that ?

You could make the form submit via a get request instead of a post request.

can you say how to do it :)

W3 schools (where I learn how to do html, javascript) has a page that explains all about forms.

what you say should not be hard to do, I believe if you google enough you can find source code for that

Share Your Thoughts

  • Hot
  • Active