Breaking & Entering . (Phishing)

Breaking and Entering.
>Phishing<

Have you ever had the nightmare of breaking and entering to your house????


The same process may apply to your sensitive information such as username, password and credit card information which are using in web by an intruder.
Phishing is kind of a tool used by cyber criminals to steal personal information from another person.
This is popular since it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer's defenses. 

Let's get some idea of how to make a phishing site.

I'm using Twitter social network login page as an example.

Step 1

Go to the website that you want to make a phishing page.
As i mentioned above , I'm using Twitter here.

Step 2

Click right on the page and save page as complete web page.

 Step 3

Then open the saved page and open it in a notepad.

Step 4

Press "CTRL+F" and click Find Next to search for "action" word.
make sure that you choose the action with the login form.


Step 5

Now replace the url after the action with your exploit.
Here i use my exploit with the name vol.php

Step 6

Now save the file with any name you want with the extension .html

Step 7

You have to make a php script to catch the sensitive data.

Just go through the link provided below. You will find all the codes related to my phishing work.

https://github.com/RajithaAkwaththa/Phishing

Concepts Related to phishing


Phishing emails

>It looks like as an important notice, urgent update or alert with a deceptive subject line to entice the recipient to believe that the email has come from a trust source and then open it. The subject line may consist of numeric characters or other letters in order to bypass spamming filters.

>It sometimes contains messages that sound attractive rather than threatening e.g.  a reward will be given
>It normally uses forged sender's address or spoofed identity of the organisation, making the email appear as if it comes from the organisation it claimed to be.
>It usually copies all the content from the website in order to make the website look genuine.
>It usually contains hyperlinks that will take the recipient to a fraudulent website.
>It may contain a form for the recipient to fill in personal/financial information and let recipient submit it. This normally involves the execution of scripts to send the information to databases or temporary storage areas where the intruder can collect it later.



Phishing Websites

>It uses genuine looking content such as images, texts, logos or even mirrors the legitimate website to entice visitors to enter their accounts or financial information or sensitive information such as username and passwords.

>It may use forms to collect visitors' information where these forms are similar to that in the legitimate website.
>It may in form of pop-up window that is opened in the foreground with the genuine web page in the background to mislead and confuse the visitor thinking that he/she is still visiting the legitimate website.
>It may display the IP address or the fake address on the visitors' address bar assuming that visitors may not aware of that. Some intruders may perform URL spoofing by using scripts or HTML commands to construct fake address bar in place of the original address.


What techniques are there to attract the victim??

>Intruder can send a link saying that there is a way to secure your mail account by following some easy steps. So there they asking the credentials for your mail and your sensitive information can be steal.

>Victim can be attract by saying that there is a giveaway at somewhere and for that you need to provide your credit card information and it can be stolen like that by an intruder.

Make sure that you wont be a victim in phishing.

>Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.

>Before sending sensitive information over the Internet, check the security of the website.

>Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).

>If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups.

>Keep a clean machine. Having the latest operating system, software, web browsers,) anti-virus protection and apps are the best defenses against viruses, malware, and other online threats.

Comments

Post a Comment

Popular posts from this blog

Fake WAP

Image
Fake WAP There are a horde of things out there that goes under the general name 'hacking.' But what precisely are these demonstrations and what is the completely most effortless one for programmers to finish? This is a stealth assault, similar to a lethal ninja, known as a phony remote access point (Fake WAP). You may likewise know it as a 'man in the center' assault. Programmers can do this effectively enough, taking your information covertly with the goal that you're unaware. More regrettable yet, you'll HELP them do it! A VPN is your vital component to ensuring this doesn't transpire, regardless of the possibility that you do fall into their trap. As a reward, I get the chance to add pictures of ninjas to this post and it absolutely bodes well. What is a fake wireless access point This is the point at which a programmer utilizes a basic bit of programming and a remote system get to card. They will utilize these and go out into the general
Read more

The Secure Socket Tunneling Protocol

Image
The Secure Socket Tunneling Protocol This segment depends on a prerelease adaptation of Windows Server 2008. All data in this is liable to change. Virtual private system (VPN) bolster in Windows XP and Windows Server 2003 enables you to interface with your private intranet over the Internet, similarly as though your PC was connected to a neighborhood Ethernet port. Nonetheless, the VPN conventions in Windows XP and Windows Server 2003 don't work for some firewall arrangements what's more, for some circuitous arrangements, for example, when your PC is behind a Network Address Translator (NAT) or Web intermediary server—in which the movement for VPN associations is being blocked. To determine these challenges, Windows Server® 2008 and Windows Vista Service Pack 1 incorporate help for the new Secure Socket Tunneling Protocol (SSTP). VPN Access Problems In Windows® XP and Windows Server 2003, the VPN conventions that empower remote access associations with an intranet
Read more

Shift cipher

Image
Shift cipher Modular Math and the Shift Cipher The Caesar Cipher is a type of  shift cipher . Shift Ciphers work by using the modulo operator to encrypt and decrypt messages. The Shift Cipher has a  key K , which is an  integer from 0 to 25 . We will only share this key with people that we want to see our message. How to Encrypt: For every letter in the message  M  : 1.  Convert the letter into the number that matches its order in the alphabet starting from 0, and call this number  X . ( A=0, B=1, C=2, ...,Y=24, Z=25) 2.  Calculate:  Y  =  (X + K)  mod  26 3.  Convert the number  Y  into a letter that matches its order in the alphabet starting from 0. (A=0, B=1, C=2, ...,Y=24, Z=25) For Example:  We agree with our friend to use the Shift Cipher with  key K=19 for our message.  We encrypt the message  "KHAN",  as follows:​ So, after applying the Shift Cipher with key K=19 our message t
Read more