May 27, 2022


Future Technology

Facebook password phishing with DNS manipulation [Tutorial]

Facebook password phishing with DNS manipulation [Tutorial]

Password Phishing can outcome in large loss of identification and user’s confidential information. This could consequence in money losses for consumers and can also avert them from accessing their very own accounts.

In this short article,  we will see how an attacker can take advantage of manipulating the DNS report for Facebook, redirect targeted visitors to the phishing web site, and seize the account password.

Fb password phishing

Listed here, we will see how an attacker can take benefit of manipulating the DNS history for Fb, redirect targeted traffic to the phishing webpage, and seize the account password.

Initial, we have to have to set up a phishing site.

You require not be an specialist in world-wide-web programming. You can conveniently Google the actions for getting ready a phishing account.

  1. To generate a phishing webpage, initially open your browser and navigate to the Fb login website page. Then, on the browser menu, click on on File and then on Conserve web page as…. Then, make certain that you opt for a complete webpage from the drop-down menu.
  2. The output ought to be an .html file.
  3. Now let us extract some data below. Open the Phishing folder from the code files supplied with this e book. Rename the Facebook HTML web site index.html.
  4. Within this HTML, we have to improve the login sort. If you look for for action=, you will see it. Below, we change the login variety to redirect the ask for into a customized PHP webpage known as login.php. Also, we have to modify the ask for system to GET instead of Article.
  5. You will see that I have included a login.php website page in the very same Phishing directory. If you open up the file, you will locate the subsequent script:
fwrite($handle, $variable)
fwrite($cope with, "=")
fwrite($manage, $worth)
fwrite($handle, "rn")

fwrite($tackle, "rn")
fclose($take care of)

As shortly as our concentrate on clicks on the Log In button, we will send the details as a GET ask for to this login.php and we will keep the submitted data in our passwords.txt file then, we will close it.

  1. Future, we will build the passwords.txt file, exactly where the goal qualifications will be saved.
  2. Now, we will copy all of these information into varwww and start off the Apache solutions.
  3. If we open the index.html website page domestically, we will see that this is the phishing site that the concentrate on will see.

Let us recap really promptly what will occur when the target clicks on the Log In button? As shortly as our goal clicks on the Log In button, the target’s credentials will be sent as GET requests to login.php. Don’t forget that this will materialize since we have modified the motion parameter to mail the qualifications to login.php. Immediately after that, the login.php will sooner or later retail outlet the information into the passwords.txt file.

Now, just before we start out the Apache solutions, enable me make positive that we get an IP tackle.

  1. Enter the following command:
ifconfig eth0

You can see that we are running on and we will also get started the Apache company working with:

services apache2 begin
  1. Let’s validate that we are listening on port 80, and the assistance that is listening is Apache:
netstat -antp | grep "80"

Now, let’s leap to the target aspect for a second.

In our past part, we have made use of in our script. In this article, we have currently modified our previous script to redirect the Facebook visitors to our attacker machine. So, all our concentrate on has to do is double-click on on the EXE file. Now, to validate:

  1. Permit us get started Wireshark and then commence the capture.
  2. We will filter on the attacker IP, which is
  1. Open up the browser and navigate to

After we do this, we’re taken to the phishing site alternatively. Below, you will see the destination IP, which is the Kali IP deal with. So, on the concentrate on side, the moment we are viewing or hitting, we are in essence viewing index.html, which is set up on the Kali equipment. Once the sufferer clicks on the login web site, we will send out the details as a GET request to login.php, and we will retail outlet it into passwords.txt, which is at present empty.

  1. Now, log into your Fb account utilizing your username and password. and jump on the Kali aspect and see if we get everything on the passwords.txt file. You can see it is still vacant. This is because, by default, we have no authorization to produce details. Now, to repair this, we will give all documents full privilege, that is, to go through, compose, and execute:
chmod -R 777 /var/www/

Be aware that we built this, considering the fact that we are jogging in a VirtualBox ecosystem. If you have a world-wide-web server exposed to the community, it is bad apply to give comprehensive authorization to all of your data files due to privilege escalation attacks, as an attacker may possibly add a malicious file or manipulate the data files and then look through to the file locale to execute a command on his personal.

  1. Now, after providing the authorization, we will halt and start off the Apache server just in circumstance:
services apache2 halt
assistance apache2 start out
  1. Just after carrying out this modification, go to the concentrate on device and attempt to log into Facebook one particular additional time. Then, go to Kali and click on on passwords.txt. You will see the submitted knowledge from the focus on side, and we can see the username and the password.

In the stop, a excellent sign for a phishing exercise is missing the https sign.

We carried out the password phishing approach using Python. If you have appreciated looking at this excerpt, do check out ‘Python For Offensive PenTest‘ to study how to defend you and secure your account from these attacks and code your personal scripts and master ethical hacking from scratch.

Examine Upcoming: