Mark4FanGer Posted March 25, 2012 Share Posted March 25, 2012 Hello Forums, some questions: i would like to build a package (with scripts and pages) to phish some passwords for facebook, twitter and so on. doing this for one of the pages wasnt hard (as described here often). all credentials should be writen to a file (seperated for each page, twitter.txt for twitter, facebook.txt for facebook and so on.) it should be easy extentable (means easy to add another pages) its easy to redirect all pages together, but this is not what i want. so any ideas ? regards Quote Link to comment Share on other sites More sharing options...
DAV Posted March 25, 2012 Share Posted March 25, 2012 i don't quite understand what are you having difficulty with.. :) ask what you need and i will help you as much as i can.. Quote Link to comment Share on other sites More sharing options...
killuminati Posted March 25, 2012 Share Posted March 25, 2012 I think what I gather from what he said is a SINGLE script which is able to pull off logins and passwords of sites what ever they may be. From what I know thats not possible since each site looks different and as a result has different code. Could you clarify? I too am looking into starting to create my own phishing files... Hoping to get quite proficient to the point it wont take me a matter of minutes to make one from what ever site I pick. =) Quote Link to comment Share on other sites More sharing options...
iamk3 Posted March 25, 2012 Share Posted March 25, 2012 I think he is asking if it would be possible to have multiple landing pages. Eg: www.gmail.com ----> www.gmail.com/gmailredirect.php And www.facebook.com ----> www.facebook.com/facebookredirect.php And www.twitter.com ----> www twitter.com/twitterredirect.php Etc... All at the same time. (without changing scripts) Quote Link to comment Share on other sites More sharing options...
CanadianTaco Posted March 25, 2012 Share Posted March 25, 2012 Hello Forums, some questions: i would like to build a package (with scripts and pages) to phish some passwords for facebook, twitter and so on. doing this for one of the pages wasnt hard (as described here often). all credentials should be writen to a file (seperated for each page, twitter.txt for twitter, facebook.txt for facebook and so on.) it should be easy extentable (means easy to add another pages) its easy to redirect all pages together, but this is not what i want. so any ideas ? regards This guide was originally meant for the older models of the pineapple, but the scripts still work: http://hak5.org/hack/pineapple-phishing I have my pineapple set up for multiple phishing pages by redirecting to a redirect.php script and then when the user clicks login or submit the form (with another .php script) that collects the info sends that info to a txt file and shows an error page to the user. redirect.php: <?php $ref = $_SERVER['HTTP_REFERER']; if (strpos($ref, "facebook")) { header('Location: facebook.html'); } if (strpos($ref, "twitter")) { header('Location: twitter.html'); } if (strpos($ref, "hotmail")) { header('Location: Hotmail.htm'); } if (strpos($ref, "live")) { header('Location: Hotmail.htm'); } if (strpos($ref, "gmail")) { header('Location: Gmail.htm'); } if (strpos($ref, "yahoo")) { header('Location: Yahoo.htm'); } require('peets.html'); ?> Quote Link to comment Share on other sites More sharing options...
RebelCork Posted March 26, 2012 Share Posted March 26, 2012 This guide was originally meant for the older models of the pineapple, but the scripts still work: http://hak5.org/hack/pineapple-phishing I have my pineapple set up for multiple phishing pages by redirecting to a redirect.php script and then when the user clicks login or submit the form (with another .php script) that collects the info sends that info to a txt file and shows an error page to the user. Remember, once you start cloning your chosen sites. Input your own code snippets/design your own login area (username & password fields) You just have to make it look real enough to fool a casual user. One of the points about MITM attacks is that we feel secure and trusting of our ISP, especially when it looks like we are connected to our own network. So long as the login page is simple and lookslegit to the end user, they will easily enter creds Just my opinion ! :) Quote Link to comment Share on other sites More sharing options...
Mark4FanGer Posted March 26, 2012 Author Share Posted March 26, 2012 Hello, I think he is asking if it would be possible to have multiple landing pages. Eg: www.gmail.com ----> www.gmail.com/gmailredirect.php And www.facebook.com ----> www.facebook.com/facebookredirect.php And www.twitter.com ----> www twitter.com/twitterredirect.php Etc... All at the same time. (without changing scripts) this is right :-) another question: what is inside the file peets.html ? regards Quote Link to comment Share on other sites More sharing options...
Mark4FanGer Posted March 26, 2012 Author Share Posted March 26, 2012 sorry just got it: The fourth line will only be processed if the statements above aren’t found to be true. In our example we’re only looking for facebook but the list could be more extensive. The require function tells php to load up the contents of the file—in our case peets.html. This could be anything from terms of service agreement, an in-flight Internet purchase page or the old index file from our beloved Auto-Rickroll. Quote Link to comment Share on other sites More sharing options...
catz Posted March 27, 2012 Share Posted March 27, 2012 (edited) What about local cage proxy to store all of the websites and a custom php script to recall all of them? 500gb usb storage device-->proxy installed on the usb--> pluged in to mk4 ?? or website-->local proxy-->custom php script to modify login page-->back to user ?? Just thinking out loud. Edited March 27, 2012 by catz Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.