Monday, July 9, 2012

What Is Phishing

Here in this post we will discus a little about what is phishing. Please note what we are covering here is just basics and not a phishing tutorial. In phishing attack, an attacker creates a fake login page of a legitimate website and lures victim to login using it. The site under attack is known as phished site and the fake login page used for capturing or stealing information is known as phished page. To perform phishing attack an attacker performs following steps,
First of all he gets a free web host and then selects a domain which somehow resembles the site he wants to phish. For example to hack Gmail password he/she may select domain like Gmial. Look carefully both words appear nearly similar when just overlooked and that is where an attacker makes a catch.

Next he opens the site he wants to phish and saves it on his/her desktop then he/she uploads those files to their own domain. The attacker then creates a web page with a sorry or error message to make victim believe site is temporarily down or under maintenance or he types following lines in php file and uploads it to his/her domain,

<?php
header ('Location: 'www.realdomainname.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
.
Where he/she replace red background URL by real URL of phished page. Then this file is also uploaded there so that victim should get redirected to original website to avoid detection of phishing attack.

Nearly all phishing attacks are conducted in same way. If you have been regular reader of my blog then you might know we have already covered how to hack facebook account using phishing. If you have read that post then you might have found that steps mentioned here matches to those steps that we used to create a phished page for facebook. For practice in future we will cover few more tutorials on phishing. Till then have a nice time, thanks for reading and keep visiting.

0 comments: