Get Someone's Facebook Password

Welcome to the second Null Byte in a series educating you on Social Engineering awareness and techniques. Today, I'm going to show you how a savvy Social Engineer would trick a friend into unknowingly surrendering their Facebook password. My intent is to warn and to show how easy it is to fall for phishing through Social Engineering, and thereby expose yourself.


What Is Phishing?

Phishing is the act of tricking somebody into logging in to a fake site that imitates an official website, such as Facebook. The phishing page logs the credentials that the user enters in the password field and, under the right conditions and with some Social Engineering, goes undetected.

A phishing page is built by going to the site being imitated, copying its HTML source, and then modifying it to use a custom PHP script that logs the victim's credentials. A good phishing page will also use cookies to bypass redirect filters: if a cookie for the real website exists, the user will be logged in and more than likely will not realize what happened.

  • Phishing is illegal.
  • Only phish friends who have given you permission to do so.


Action 1 Get a Webhosting

You require a location to host your phishing page. I like T35-- they are complimentary and deal cPanel hosting.

  1. Make a complimentary account on T35.
  2. Go to your e-mail that you utilized and click the link verifying the account.

Action 2 Produce the Phishing Page

Now we have to develop the website that will log the victim's qualifications.

  1. Open a text file utilizing notepad, or your option in the full-screen editor.
  2. Go to the Facebook login page.
  3. Right-click someplace on the page, and click View page source.
  4. Copy all the contents of the origin code and paste them into your text file.
  5. Struck ctrl + f, and look for "action=" and alter the approach to "GET", and the text to the right of" action=" to "log.php".
  6. Click File > Conserve as and wait with the name "index.php" (make certain to click the drop-down menu to pick "all files" if it's not chosen currently).
  7. Create a brand-new text file, and paste this as the contents (paste the raw text, not the numbered). This is the file composed in PHP that logs the victim's login information.
  8. Conserve the file as "log.php". Once again, ensure "all files" is chosen in the file type drop-down menu.
  9. Visit your T35 account and click Upload. Publish both files to the root of your site (not in a folder).
  10. When qualifications are logged, they will remain in a file called "passwords.txt" in the root of your site. Examine package beside the "passwords.txt" file when you get some logs, and click mod. Modification the file to 466 authorizations, so other individuals cannot check out the victim's passwords.

Action 3 Carry out the Phish

In a status upgrade on Facebook, post something like the following:

" Have a look at this amusing photo of me on my site xD <post link to phishing page here>.".

It's truly that easy. You ought to begin to see individuals' login qualifications getting saved in your "passwords.txt" file. Just since it originates from a "relied on" Facebook kind friend, they will opt for their impulses and click the link without hesitating about it. The very best part about that PHP code published above is the header sends you back to the Facebook homepage, bypassing the redirect filter alerting that Facebook has carried out, which will make it almost smooth to the user who succumbed to it.
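The cloned page described above leaves recognizable traces: its login form submits with GET to a relative "log.php" on a host that is not Facebook. The following check for those traces is an added example, not code from the original article; the function name, the trusted-host list and the example.test URL are assumptions, and both HTML samples are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts where a Facebook login form may legitimately submit.
TRUSTED_HOSTS = {"www.facebook.com", "facebook.com", "m.facebook.com"}

class _FormScanner(HTMLParser):
    """Collects every <form> and whether it contains a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # HTML defaults to GET when no method attribute is present.
            self._cur = {"method": a.get("method", "get").lower(),
                         "action": a.get("action", ""), "password": False}
            self.forms.append(self._cur)
        elif (tag == "input" and self._cur is not None
              and a.get("type", "").lower() == "password"):
            self._cur["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_login_forms(page_url, html):
    """Return (action_url, [reasons]) for each suspicious password form."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if not form["password"]:
            continue
        target = urljoin(page_url, form["action"])  # resolve relative actions
        parts = urlparse(target)
        reasons = []
        if form["method"] != "post":
            reasons.append("password sent with GET (ends up in URLs and logs)")
        if parts.scheme != "https":
            reasons.append("form target is not HTTPS")
        if parts.hostname not in TRUSTED_HOSTS:
            reasons.append("form target host is not the real site")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed samples: a look-alike form and a genuine-style form.
CLONE = '<form method="GET" action="log.php"><input name="email"><input type="password" name="pass"></form>'
REAL = '<form method="post" action="https://www.facebook.com/login/"><input type="password" name="pass"></form>'
```

The same three signals are what a user can check by hand before typing a password: the address bar host, the padlock, and whether the password shows up in the URL after submitting.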