In this tutorial i’m going to explain how to make an android application with facebook phishing method, so you can get the username and password of each person who login to facebook using this app.
Note: This post is updated with new undetectable phishing files
This app is actually looks like real facebook app with real facebook icon so victim can’t find out whether it’s a fake facebook application or not.
Sending fake page’s url to victim is not possible now a days ,that method is easily detectable in firefox and google chrome browsers that’s why i’m tested this new method to phishing facebook and it works good.
Read my previous tutorial to create latest undetectable facebook phishing page:Create Undetectable Facebook Phishing Site – Advanced
Let’s start,
steps
1. Make a phishing facebook login page as android browser and host to web
2. Make an android application using online app creator
2. Make an android application using online app creator
Step 1: Make a phishing facebook login page as android browser and host to web (Undetectable)
First you need to download ‘facebookmobile-app.zip‘ attachment file – Click here to download or Alternate download
It contains 5 phishing page files including a folder.
- data.php
- follow.jpg
- index.php
- login.jpg
- users.txt
Features:
>> It is undetectable ,so the page will not be suspended by any free web hosting site.
>> Customized facebook phishing page files for mobile browser
(It will automatically redirect to real facebook page with notification of ‘Your password was incorrect’ while log in from fake phishing page so victim will think he entered wrong password and he won’t have any doubt about is it fake or real?).
Now you have to upload the ZIP file (facebookmobile-app.zip) to web hosting site and get the phishing page’s url.
I prefer 000.webhost.com.
Go to: https://members.000webhost.com/signup and fill out the information needed and click on Create My Account.
Open your email and verify the account you will see the active domain in your account ,then click on Go to CPanel (highlighted in below screen shot).
Now open the first file manager icon under File managers section.
Go to “public_html” folder and delete the 2 files inside it. then click on “upload“.
Below “Archives” section click on “Choose file“.
Select the zip file Which you have created above (In our case it is ‘facebookmobile-app.zip‘).
Click on the “green tick“.
Done!!!,
Now what will happen,when your hosting privder will test your content they will get a innocent php file reading another file.and when they try will to access “login.jpg” file they will get an invalid/corrupted image.
Now what will happen,when your hosting privder will test your content they will get a innocent php file reading another file.and when they try will to access “login.jpg” file they will get an invalid/corrupted image.
Important
Now Access your URL with this id at end (/?id=facebookmobile)
Example: “www.yourdomain.sub.com/?id=facebookmobile/“
Congrats! Now you have your Phishing page URL same as above (note the Url we need it in next step).
Step 2: Make an android application using online app creator
Click the option website
Paste the phishing page’s url in the field (that you created instep1)
Example: “www.yourdomain.sub.com/?id=facebookmobile/“
Fill the field App name: Facebook or something related with facebook, click next
Description: give description about app, click next
Icon: custom icon > upload file – choose file ‘FacebookICON.png‘ (Click here to download FacebookICON.png) – submit
Click Next
Click Create app
You are done,
Download app to your computer then install it on your android device.
How to see stored email and pass?
When victim enter the email and and password in this app it will be stored in our ‘users.txt‘ file inside 000webhost > your domain > file manager > public_html, to see that click the view button next to users.txt file.
Inside users.txt file you can see the victim’s email and password (highlighted part in below screen shot).
If you have any doubt in this tutorial just type down a comment here.
- .