I'll say something that might be the best way to snatch the credentials of your victim but i do not know how to execute it. Pros of NullByte, please shed some insight. Here is the method
If straight away you clone a facebook login page and send it to your victim they will understand its a trap and will not login to it and you will not get the credentials.
Then how to make them enter their ID and password to our phlishing site?
Notice how alot of webpages, polls, voting and all use your facebook/google account to authenticate them?
Check this webpage https://nh7.in/converse/vote Here, this page is an actual voting page. And the 'proceed' when clicked will gives a facebook login pop up. So am thinking if you could edit the source code of the page and make the proceed button give our phlishing page, it will be one of the best ways to use the 'phlishing' attack
* Am not telling you should edit the above page itself, i just took it as an example,
What i meant is editing the source code of any page that use facebook login and making the 'procced' buton the phlishing page
Is it possible?
7 Responses
Yes, it is. You have to redirect it to the phished page instead of original one. But that should be difficult.
-The Joker
Any idea what to edit in the source code to do that ?
You could make the form submit via a get request instead of a post request.
can you say how to do it :)
W3 schools (where I learn how to do html, javascript) has a page that explains all about forms.
thank you Qaleb :)
what you say should not be hard to do, I believe if you google enough you can find source code for that
Share Your Thoughts