How To Make A Facebook Phishing Site

What is Phishing?
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.


What is Tabnabbing?
Tabnabbing is a new type of  phishing attack. It basically refers to a website that is changing its look and feels to a fake website after some time of inactivity. It is about a page we’ve been looking at, but will change behind our backs, when we aren’t looking

How The Attack Works?
A user navigates to a normal looking website. A custom code detects when the page has lost its focus and hasn’t been interacted with for a while. The favicon gets replaced with that of GMail (or any other website), while the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.

adwords_phish.gif

In this Tab Napping Tutorial, i have selected a new type of Facebook hacking script which appears as the game, as World's Hardest Game, and some information and looks are updated of this phishing page so that it seems real, so basically the methodology is that some one will open that phishing page and starts the game, as loading takes several seconds so the script will redirect to fake facebook login page in it self as now many gaming sites requires it, after victim enters his login details, he/she will redirected to the main game page, after it there will be no interruption, here now I am going to tell you its implementation; 

Web Hosting Account and its Setting

1. Firstly Download the Tab-nabbing files (Download button is given below).

2. You need a Free Web Hosting Site account. If you don't have, you can make one from any of the given sites;


If you want any other site,then you can search for it on Google.

3. Now extract the files from the archive which you downloaded on first step.


safafs.PNG

4. Before uploading you have to make 3 directories in the Web Hosting account as there are 3 folders (fbimagesjs) in the archive you downloaded. I am using My3GB account in this tutorial.

sgg.PNG

5. Now you have to upload all the files which were in the archive, also dont forget to upload the files in the directories of their respective folders;

bbb-horz.jpg

Testing Tab Nabbing Site

1. Open the link which you had made according to this account while registering on any of the file host, and enter that link in your browser's address bar, the URL would be like this;

www.yourname.yourwebhostingsite.com/

2. Open the game and play it yourself, you will see the below picture;

Hardest+Game+Ever.png

3. After playing for several seconds you will be redirected to Facebook login page, and by entering the  details you can continue;

Facebook+Login+Prompt.png

4. After clicking the login button you will be again directed to the game page that will not change now, now for viewing the password go to the fb directory and open Password.html and you will see the login details and IP address of the who pressed login button.

dsg.PNG

I hope you have find it useful, you can simply trick your victim with Social Engineering attacks like its is the world's hardest game, no one can beat it and many other ideas you can make them with your brain. If you want more Social Engineering techniques you can look here.

Note: Do Not Use Any Tutorial Of This Blog To Harm Anyone. This Is Only For Educational Purpose. I Will Not Be Responsible For Anything Done By You.


                                                              Size: 937 KB