Ive read a couple of posts about phishing on this forum and made a mediocre facebook page that redirects the user to the real FB login page. Although this helps capture passwords, if the victim is aware of this, he can easily browse the root of the webpage and look at all the captured passwords <kind of whaling>. Is there anyway to secure them? Also, I was wondering if anyone managed to successfully pass on the credentials to facebook and log in the victim so it will be completely transparent?
Ideas taken from bobbyb1980's thread: Bobbyb1980's Thread
And Darren : Darren's Post
Below is my code, I know it sucks but this is the first time I ever coded PHP, I just looked up some tutorials..
http://pastebin.com/G9RXxGW7
Cheers for reading
N.B: Use
chmod o+w /var/www/
so PHP can make and write the files. Figured that out the hard way ;)