Facebook password phishing with DNS manipulation [Tutorial]
Password Phishing can outcome in huge loss of identity and user’s private information. This could final result in economic losses for consumers and can also reduce them from accessing their very own accounts.
In this post, we will see how an attacker can get advantage of manipulating the DNS history for Facebook, redirect site visitors to the phishing site, and grab the account password.
Fb password phishing
Listed here, we will see how an attacker can get benefit of manipulating the DNS file for Facebook, redirect visitors to the phishing webpage, and grab the account password.
First, we require to set up a phishing website page.
You have to have not be an qualified in website programming. You can easily Google the actions for preparing a phishing account.
- To produce a phishing website page, initial open up your browser and navigate to the Fb login webpage. Then, on the browser menu, click on File and then on Save website page as…. Then, make absolutely sure that you choose a comprehensive page from the fall-down menu.
- The output should be an .html file.
- Now let us extract some knowledge listed here. Open the Phishing folder from the code data files supplied with this guide. Rename the Facebook HTML web page index.html.
- Within this HTML, we have to change the login type. If you research for action=, you will see it. In this article, we improve the login variety to redirect the ask for into a custom PHP page referred to as login.php. Also, we have to modify the ask for method to GET in its place of Publish.
- You will see that I have additional a login.php site in the exact Phishing listing. If you open up the file, you will come across the pursuing script:
$price) fwrite($cope with, $variable) fwrite($manage, "=") fwrite($handle, $price) fwrite($deal with, "rn") fwrite($cope with, "rn") fclose($cope with) exit ?>
As quickly as our goal clicks on the Log In button, we will send the knowledge as a GET ask for to this login.php and we will shop the submitted details in our passwords.txt file then, we will close it.
- Subsequent, we will produce the passwords.txt file, where the focus on credentials will be saved.
- Now, we will copy all of these data files into varwww and get started the Apache solutions.
- If we open the index.html web page regionally, we will see that this is the phishing webpage that the focus on will see.
Let us recap truly speedily what will materialize when the target clicks on the Log In button? As soon as our goal clicks on the Log In button, the target’s credentials will be sent as GET requests to login.php. Bear in mind that this will transpire simply because we have modified the action parameter to send out the credentials to login.php. Following that, the login.php will inevitably shop the information into the passwords.txt file.
Now, prior to we start off the Apache expert services, permit me make absolutely sure that we get an IP handle.
- Enter the pursuing command:
ifconfig eth0
You can see that we are operating on 10.10.10.100 and we will also start off the Apache service employing:
assistance apache2 start out
- Let’s confirm that we are listening on port 80, and the company that is listening is Apache:
netstat -antp | grep "80"
Now, let’s soar to the focus on facet for a second.
In our preceding portion, we have applied google.jo in our script. Right here, we have already modified our previous script to redirect the Facebook website traffic to our attacker machine. So, all our concentrate on has to do is double-simply click on the EXE file. Now, to verify:
- Let us start out Wireshark and then commence the seize.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.facebook.com/:
When we do this, we’re taken to the phishing site as a substitute. In this article, you will see the spot IP, which is the Kali IP handle. So, on the target aspect, at the time we are viewing or hitting https://www.fb.com/, we are generally viewing index.html, which is established up on the Kali device. Once the target clicks on the login webpage, we will send the facts as a GET request to login.php, and we will retail store it into passwords.txt, which is at this time empty.
- Now, log into your Fb account working with your username and password. and jump on the Kali aspect and see if we get something on the passwords.txt file. You can see it is continue to vacant. This is because, by default, we have no permission to publish facts. Now, to fix this, we will give all files total privilege, that is, to study, generate, and execute:
chmod -R 777 /var/www/
Observe that we built this, since we are working in a VirtualBox atmosphere. If you have a net server exposed to the general public, it is terrible exercise to give whole authorization to all of your information thanks to privilege escalation attacks, as an attacker may perhaps upload a destructive file or manipulate the documents and then search to the file site to execute a command on his personal.
- Now, just after providing the permission, we will quit and commence the Apache server just in circumstance:
support apache2 prevent services apache2 begin
- Soon after doing this modification, go to the target machine and consider to log into Facebook one far more time. Then, go to Kali and click on on passwords.txt. You will see the submitted data from the concentrate on side, and we can see the username and the password.
In the stop, a great sign for a phishing action is missing the https indicator.
