How to Make Undetectable Facebook Phishing Site 2017 – Free SSL Domain
Hey guys, I am back with new facebook phishing method for 2017 :), My last post about phishing was a huge hit but unfortunately that is no longer working because the free web hosing provider updated their website and they are suspending the phishing sites. I got many requests from my readers to publish a new method of making phishing site, so here i am again with the demonstration of How to Make Undetectable Facebook Phishing Site 2017 with Free SSL Domain.
It is a huge challenge to setup a free phishing site on internet because all free hosting providers are suspending the page once you upload phishing code and the browser also detecting the fake pages and warning the phishing attack so in this case here we are using a different method to bypass this detection and we are gonna make it completely secure with own domain with ssl encryption (https secure browsing), don’t worry it’s all completely free of cost :)) .
In normal scenario when you design your phishing page and upload files to your hosting account, your Web Hosting provider attempts to find all phishing attempts from their servers, Maximum time they do this by using automated crawlers. If the crawler find any Forbidden character in your uploaded files. Sometimes they may contact you directly to remove the phishing files. If they receive notification, they will remove the files automatically and notify you that your website contained phishing files and may suspend your account.
The second problem is browser detecting the phishing pages and warning the users, The most popular web browsers detect and block phishing attacks, Detecting Phishing and Malware sites by browsers like Chrome and IE is based on lookups made into databases. These databases are held by the browser owners and DNS servers.
Warning & Disclaimer: Making a phishing page is not illegal, but using a phishing page is illegal. This tutorial is just to show you, “How to create phishing page?”. If you use this to hack anyone account, then I AM not responsible for it. Do anything on your own risk.
- No suspension ( From free web host )
- Undetectable ( Bypassing browser detection )
- Responsive ( Mobile version + Desktop version )
- Free Domain
- SSL encryption certificate ( https secure browsing with cloudflare )
Steps to follow:
- Signup for Free web host
- Download phisher files and modify it
- Upload the files to web host
- Register a custom domain and set it up
- Set up ssl for domain
Step 1: Signup for Free web host
For this method we have to sign up for two free hosting sites, www.55freehost.com and www.000webhost.com .
Page index files we will upload in 000webhost and the phishing php code goes in 55freehost.
First of all go to https://www.000webhost.com/free-website-sign-up .
Fill the form with your email address and give a website name, the name of my website is picatesfbdemo.
After clicking sign up verify your email by clicking the link in in your mail inbox.
Now click the button (Manage website“your website name” ).
Now you have a page with your website domain. please not the name.
My domain: picatesfbdemo.000webhostapp.com
okay. Now we have to sign up to 55freehost.com .
(Don’t close the 000webhost page tab because we need it later)
Open a new tab and go to this link: http://55freehost.com/free-hosting-signup.php
Fill the form with your email and click register. ( your user name will be your domain)
Check your email spam folder to verify your account. After clicking the verification link a page will open up with your account information.
Note your control panel user name and website Url . the website URL we need later in step 2, so please note it.
My url: http://picatesfbdemo.55freehost.com .
Now go to control panel by clicking the link: http://cpanel.55freehost.com/
Type your control panel user name you already got and password you set when sign up, then click Log in button.
Okay, now we have 2 free hosting account.
Don’t close the both web host control panel tabs because we need it later.. now let’s go to next step.
Step 2: Download the phisher files and modify it
Unzip this file and there you can see 6 files and 1 folder.
(desktop_files, d_data.php, desktop.jpg, index.php, m_data.php, mobile.jpg, mobile_detect.php)
Now we have to modify 2 files here (desktop.jpg and mobile.jpg)
First right click on the desktop.jpg and choose option open with and select notepad.
Press ctrl+f in notepad.
A find box will fire up and there you type picatesfbdemo.55freehost.com (my 55freehost url) and replace it with your 55freehost url we created in step 1.
Keep the /d_data.php at the end of your url. (see the picture below)
Now click on file menu and save it.
Okay, now repeat the same process with mobile.jpg file.
Done, we are successfully modified the two files , now Let’s upload this files.
Step 3: Upload the files to web host
Go to 000webhost page we signed up before. (hope you didn’t close it)
Click on Upload now button.
Now the file manager will open up.
(If it showing login error then just log out the account and login again with your email and pass)
Open the public_html folder.
Click the new folder icon on the top right side.
Type the folder name as desktop_files and click create button.
Now open the desktop_files folder and click the Upload files button on the top right side.
Click the Select files and navigate to the downloaded desktop_files folder and select all the files inside it by clicking ctrl+a.
Then click open.
click upload button.
Now go back to public_html folder by clicking the folder name in the left side bar.
Again click Upload files button and select the 4 files.
(desktop.jpg, index.php, mobile.jpg, mobile_detect.php)
Click upload button.
Make sure you have uploaded the 4 files and 1 folder inside public_html folder as same as the below screen shot.
Now Let’s go to 55freehost and upload the remaining 2 files there. (d_data.php, m_data.php)
Go to 55freehost control panel page we are logged in before.
Or Log in here: http://cpanel.55freehost.com/
Open the online file manager icon under the files section.
open the htdocs folder.
Delete the index2.html file inside it.
Click the Upload button on the top left.
Click the choose file button on the left side .
Select the d_data.php and m_data.php files one by one. (this is the files we are modified before)
Click the green tick to upload the files.
Click the back button.
Now we have uploaded the 2 files inside the htdocs folder as shown below screen shot.
okay, upload completed.
Now let’s check the page .
Go to your 000webhost url,
In my case it is http://picatesfbdemo.000webhostapp.com/
It is working , type something in the email and password filed and click login.
To see the email and pass you entered go to your 55freehost url and add users.html at the end of it.
My url is: http://picatesfbdemo.55freehost.com/users.html
Step 4: Register a custom domain and set it up
Go to freenom: http://www.freenom.com/
Type your desired domain and click on check availability.
I choose .tk domain .
click the get it now next to your domain.
Now the checkout page will come up. Enter your email id and click on verify my email address button.
Open your email inbox and click on the verification link.
In the next page enter your personal details and click on complete order button. (Don’t forget to tick terms and conditions)
Click on Click here to go to your client area button.
Sign in with your email and pass.
Click tab services on the top right and select my domains.
There you can see your registered domain , click the manage domain.
Click on Management tools tab and select Nameservers.
Tick Use custom nameservers .
Then clear all fields.
Now go to members area of your 000webhost account.
Click on Set web address .
Click on Own domain.
In the pop up box type your freenom registered .tk domain.
Then click on Park domain.
(Note the nameservers : ns01.000webhost.com, ns02.000webhost.com)
Now go back to freenom page.
fill the 1 and 2 nameserver field with 000webhost nameservers.
Click on Change nameservers button.
Now wait for sometimes .
After 10 to 30 minutes check your new domain with www.
My domain is: http://www.picatesfbdemo.tk/
holaaa… it’s working.
Step 5: Set up ssl for domain
Why need to make ssl certified domain?
When victim open the url our domain stay with a https protocol , so victim will trust it as a legit page and he will enter his username and pass. 🙂
So let’s do this,
Go to Cloudflare signup page: https://www.cloudflare.com/a/sign-up
Type your email and pass then signup.
In the next page type your freenom domain under Add a website section.
Click on Scan DNS records.
Wait for sometime.
After completed scanning click on continue .
Again click continue.
Now choose the free plan and click continue.
Now next page will tell you to change the namesrver of your domain.
(note the nameservers)
Go to your freenom namesrver page we opened before.
Replace the 000webhost nameservers with the cloudeflare nameservers.
click on change nameservers button.
Now come back to Cloudflare page and click on continue.
Now the Dashboard will come up , click on Recheck nameservers button.
Click on the Crypto button on the top.
Under the SSL section make it Flexible.
Okay , Done.
It may take 24 hrs to authorize ssl on your domain, after few hrs try to open your domain with https protocol.
My https domain is : https://www.picatesfbdemo.tk/
Congratulation. you are done 🙂
When you browse the url from desktop it will show the desktop version of facebook and in mobile phone it will show the mobile version of facebook.