![Facebook password phishing with DNS manipulation [Tutorial]](https://hub.packtpub.com/wp-content/uploads/2018/07/Facebook-password.jpg)
Facebook password phishing with DNS manipulation [Tutorial]
Password Phishing can outcome in massive decline of identification and user’s private facts. This could end result in economical losses for consumers and can also avoid them from accessing their individual accounts.
In this article, we will see how an attacker can acquire gain of manipulating the DNS report for Fb, redirect site visitors to the phishing web page, and grab the account password.
Fb password phishing
Here, we will see how an attacker can consider advantage of manipulating the DNS document for Facebook, redirect targeted visitors to the phishing web page, and seize the account password.
Initial, we have to have to established up a phishing web page.
You need not be an qualified in world-wide-web programming. You can quickly Google the measures for preparing a phishing account.
- To create a phishing page, very first open up your browser and navigate to the Facebook login site. Then, on the browser menu, click on File and then on Conserve site as…. Then, make certain that you pick a comprehensive website page from the drop-down menu.
- The output should be an .html file.
- Now let us extract some knowledge listed here. Open the Phishing folder from the code data files furnished with this e book. Rename the Fb HTML site index.html.
- Within this HTML, we have to modify the login sort. If you look for for action=, you will see it. Below, we improve the login kind to redirect the request into a custom PHP web site identified as login.php. Also, we have to improve the ask for approach to GET instead of Submit.
- You will see that I have extra a login.php web page in the very same Phishing directory. If you open the file, you will locate the following script:
$benefit) fwrite($deal with, $variable) fwrite($manage, "=") fwrite($handle, $price) fwrite($take care of, "rn") fwrite($handle, "rn") fclose($tackle) exit ?>
As soon as our goal clicks on the Log In button, we will mail the details as a GET ask for to this login.php and we will store the submitted knowledge in our passwords.txt file then, we will near it.
- Following, we will create the passwords.txt file, where by the focus on qualifications will be stored.
- Now, we will copy all of these data files into varwww and begin the Apache providers.
- If we open up the index.html web site locally, we will see that this is the phishing website page that the concentrate on will see.
Let’s recap really speedily what will happen when the concentrate on clicks on the Log In button? As soon as our focus on clicks on the Log In button, the target’s qualifications will be sent as GET requests to login.php. Bear in mind that this will take place for the reason that we have modified the action parameter to ship the qualifications to login.php. Following that, the login.php will at some point store the information into the passwords.txt file.
Now, ahead of we commence the Apache providers, enable me make positive that we get an IP deal with.
- Enter the next command:
ifconfig eth0
You can see that we are functioning on 10.10.10.100 and we will also start the Apache assistance employing:
support apache2 commence
- Let us verify that we are listening on port 80, and the service that is listening is Apache:
netstat -antp | grep "80"
Now, let us soar to the concentrate on side for a 2nd.
In our preceding part, we have utilized google.jo in our script. Here, we have presently modified our earlier script to redirect the Fb targeted traffic to our attacker machine. So, all our goal has to do is double-simply click on the EXE file. Now, to confirm:
- Let us start Wireshark and then begin the capture.
- We will filter on the attacker IP, which is 10.10.10.100:
- Open the browser and navigate to https://www.facebook.com/:
After we do this, we’re taken to the phishing website page as an alternative. Here, you will see the location IP, which is the Kali IP address. So, on the target side, once we are viewing or hitting https://www.facebook.com/, we are in essence viewing index.html, which is established up on the Kali machine. Once the sufferer clicks on the login webpage, we will send out the info as a GET request to login.php, and we will retail store it into passwords.txt, which is at this time vacant.
- Now, log into your Fb account applying your username and password. and jump on the Kali side and see if we get anything on the passwords.txt file. You can see it is still empty. This is because, by default, we have no permission to generate knowledge. Now, to resolve this, we will give all information comprehensive privilege, that is, to read, write, and execute:
chmod -R 777 /var/www/
Take note that we built this, considering the fact that we are functioning in a VirtualBox ecosystem. If you have a world-wide-web server uncovered to the general public, it is poor apply to give comprehensive permission to all of your data files because of to privilege escalation assaults, as an attacker could add a malicious file or manipulate the data files and then search to the file area to execute a command on his possess.
- Now, soon after supplying the authorization, we will halt and start out the Apache server just in case:
services apache2 halt support apache2 start
- Immediately after undertaking this modification, go to the concentrate on device and try to log into Fb one particular a lot more time. Then, go to Kali and click on passwords.txt. You will see the submitted facts from the focus on facet, and we can see the username and the password.
In the conclusion, a very good sign for a phishing exercise is lacking the https indicator.