Thank you, I've have set it up correctly, Although the spoof sort of works because it allows me (the victim) to gain access to other websites other than 'facebook.com', I'm just wondering how I can implement my own php/html script as the 'fake website' so whenever the victim is trying to gain access to facebook.com, they end up visiting my malicious website. Hence once they attempt to login I'm able to capture their passwords.