Saturday, October 1, 2011

How to make a Phisher or Fake Pages

Phishers are fake pages which are intentionally made by hackers to steal the critical information like identity details, usernames, passwords, IP address and other such stuff. As i mentioned intentional, which clearly means its illegal and its a cyber crime. Phishing is basically a social engineering technique to hack username and passwords by deceiving the legitimate users. Phishers are sent normally using spam or forged mails.

Note: This article is for educational purposes only, any misuse is not covered by Hacking loops or CME.

What is Phishing?
Phishing is basically derived from the word called Fishing which is done by making a trap to catch the fishes. Similarly in case of hacking, hackers make Phish pages (traps) to deceive the normal or unaware user to hack his account details. Phishing technique is advancing day by day, its really tough to believe that on what extent this technique is reached but this is always remains far away from normal internet users and most of hackers.
Most of hackers and computer geeks still believe that Phishing attempt can be easily detected by seeing the URL in address bar. Below are some myths that hacking industry still have about Phishing. I will mention only few because then article will become sensitive and major security agencies will flag my website for posting sensitive data. So i will only explain the facts, if you need the same you need to fill the form and give us assurance that you will not misuse it.

Myth's about Phishing among Computer Geeks and Hackers
1. Almost each and every Hacker or computer Geek, thinks that Phishing attempt can be detected by just having a look on the URL. Let me tell you friends it was old days when you recognize Phishers by seeing URL's. But nowadays recent development in Cross site scripting(XSS) and Cross site Script forgery has made it possible that we can embed our scripts in the URL of famous websites, and you must know scripting has no limitations. Below are some examples that you can do from scripting:
a. Embed a Ajax Keylogger into the main URL and user clicks on the URL, keylogger script will get executed and all the keystrokes of the user will get record.
b. Spoof the fake URL: If you are little bit good in scripting and web browser exploits recognition then this can be easily done. What you need to do you need to write a script which will tell web browser to open fake page URL whenever user opens some website like Facebook. Just you need to manipulate the host file and manipulate the IP address of that website from Host file(found in windows folder).
c. Simply retrieving the information saved in the web browser like saved passwords, and bookmarks etc. Just need to write a script which will explore the locations in Windows user profile (where actually the stored information of web browsers saved). 
2. One biggest myth, when you enter the data into the fake page, it will show either some warning message or show login information is incorrect. Rofl, new phishers are bit smart, now they don't show warning messages, when you login through fake page. They will actually login you into your account, and simultaneously at the back end they will steal your information using batch scripts.

So  friends i think this is enough back ground about new phishing technologies. Let's learn how to make a basic Phisher of any website in less than one or two minutes.

Steps to make your own Phisher:
1. Open the website Login or Sign in page whose phisher you want to make. Suppose you pick Gmail.
2. Right click to view the source and simultaneously open notepad.
3. Copy all the contents of the source into the notepad file.
4. Now you need to search for word action in the copied source code. You will find something like below:
how to make phishers or fake pages
Manipulate action and method

Now in this line you need to edit two things, first method and then action. Method Post is used for security purposes which encrypts the plain text, so we need to change it to GET.
Action field contains the link to next page, where it should go when you click on login or press enter. You need to change it to something.php (say lokesh.php).
5. Now save the above page.
6. Now open the Notepad again and paste the below code in that:
sample batch scripts for hacking account or password
Batch script for Phisher
7. Location contains the next page URL, where you wish to send to user and passwords.html will contains the passwords.
8. Now save this file as lokesh.php as told in step number 4.
9. Now create an empty file and name it as passwords.html, where the password get stored.
10. Upload all the three file to any web server and test it.

Note: In case of facebook, it will show error after user login, for that you need to use tabnabbing trick.
Note: Always keep the extension correct, otherwise it will not work. So always use save as trick rather than save otherwise it will save files as lokesh.php.txt. 

That's all from my side today, I hope you all enjoyed this article..
If you have any issues ask me in form of comments..


  1. sir waiting for third ppt..
    i've miss the last class(2nd ppt) :(

  2. sir today is hacking class...

  3. can u pls also explain how to embed these phishers in url of famous website?

    anyway thnx for this article...i always wanted to create my own phisher pages ... gr8 job, keep it up.

  4. thanx for the post..kindly upload phisher files for gmail new sign in page and Hotmail as i m unable to create which don't show error while entering password.....if anyone have then kindly send me at

  5. sir, i created as u said:)
    bt i dnt knw wer to upload

  6. Possibly add to this technique by using url rewrite rules to make the original link less suspucious. eg. rewrite the link to

    so the user will see facebook etc in the domain name and will increase the chances of fooling said victim :)

  7. lesso can u send me new working phisher files for gmail at

  8. @lesso

    I dont want to disclose this technique directly on any portal,as if we disclosed it then it will also become detected. So please, i am requesting from my heart that please don't disclose openly. Try to disclose using ciphers.. as i did, i explained everything but CL execs will never get the exact method.

  9. @sarhan

    Don't you see what i have written on top... also can't u see what i have written in mid, so take care while commenting.

    Every sensitive discussions will be through mail or sms, not openly on website.

  10. @Sir Lokesh ...i apologize for discussing openly,i vill take in future,i sent email to u several time but no response..if possible then kindly reply by email..regards

  11. What does the first file need to be saved as (the one with GET and everything)? html? php?

  12. can u hack the facebook account with email address and then email me the username and password at

    please :'(

  13. lokesh sir where to fill up the form to get all the thing.

  14. hay can u help me to build a gmail fishing page

  15. hi lokesh i am very happy about this tutoria,i seem to follow but the part i do not get is that of the second notepad and the code to copy into it. please help me out on it as for the rest i understand and i have a very good cpanel for hosting

  16. sir i m a beginner in this field..and i m very glad because i understood many things from your thank u sir

  17. Thank you Lokesh


  18. i'm loving this very mcuh

  19. send me more hacking tricks specially fb)


    Teach me here sir ...

  21. how and where to upload kindly reply

  22. send me pls sir!

  23. send me here sir:

  24. Hello sir I did not get the form and< action=...... >like those sentense. I think I clicked in wrong place to get source so can I know where have to click to get right source in which poage I have to stay in that time

  25. Sir plz do msg me .. or else send ur contact id i will try to get uh.

  26. can u hack an fb account for me and just give me the password?

  27. can u hack an fb account for me and just give me the password?

  28. Plz send me all the trics


    help me. i have no idea about this...

  30. my id is :

    plz send me the pisher

  31. thnx for the above article but im not able to make a phisher still can u plz send it to my email id:
    and plz let me know that wherre to upload this file

  32. ID IS "


  34. Thank you. My ID is

  35. aoa how are you:
    i need facebook hacking by phishing tips and tricks.
    also need to know whether this phising can be used for laptops and PCs or even on android phones ,
    mail me on

  36. please give me proper details at

  37. hi !!!
    could you please send a tutorial for

  38. hey buddy, but if we use 'get' method then we can see our password and email in url bar after we click on log in ?

  39. Sir i want to hack my friends fb accnt..plez help me..i want it vry email id is


Please do not spam.

Designed by Hackingloops.