Note: This post is updated with new undetectable phishing files
This app looks like the real Facebook app, with the real Facebook icon, so the victim can’t tell whether it’s a fake Facebook application or not.
Sending a fake page’s URL to the victim is not possible nowadays; that method is easily detected in the Firefox and Google Chrome browsers. That’s why I tested this new method of phishing Facebook, and it works well.
Read my previous tutorial to create the latest undetectable Facebook phishing page.
1. Make a phishing facebook login page as android browser and host to web
2. Make an android application using online app creator
Step 1: Make a phishing facebook login page as android browser and host to web (Undetectable)
It contains 5 phishing page files including a folder.
Features:
>> It is undetectable, so the page will not be suspended by any free web hosting site.
>> Customized Facebook phishing page files for mobile browsers. (While logging in from the fake phishing page, it automatically redirects to the real Facebook page with the notification ‘Your password was incorrect’, so the victim will think he entered the wrong password and won’t have any doubt about whether it is fake or real.)
Now you have to upload the ZIP file (facebookmobile-app.zip) to a web hosting site and get the phishing page’s URL.
Open your email and verify the account. You will see the active domain in your account; then click on Go to CPanel (highlighted in below screen shot).
Now open the first file manager icon under File managers section.
Go to the “public_html” folder and delete the 2 files inside it, then click on “upload”.
Below “Archives” section click on “Choose file“.
Select the zip file which you have created above (in our case it is ‘facebookmobile-app.zip’).
Click on the “green tick“.
Now what will happen: when your hosting provider tests your content, they will get an innocent PHP file reading another file, and when they try to access the “login.jpg” file they will get an invalid/corrupted image.
Now access your URL with this id at the end (/?id=facebookmobile).
Download the app to your computer, then install it on your Android device.
How to see stored email and pass?
When the victim enters the email and password in this app, they will be stored in our ‘users.txt’ file inside 000webhost > your domain > file manager > public_html. To see them, click the view button next to the users.txt file.
Inside users.txt file you can see the victim’s email and password (highlighted part in below screen shot).
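From the hosting provider's side, the cloaking described above (a PHP file that reads a second file named login.jpg, which is not a valid image) is itself a detectable pattern. The check below is an added example, not part of the original post; the function names, marker lists and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Leading bytes that a genuine image of each extension must start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Markup that has no business inside an image file.
MARKUP = re.compile(rb"<\?php|<form\b|type\s*=\s*[\"']?password", re.I)
# PHP that includes or reads a file carrying an image extension.
LOADER = re.compile(
    rb"(?:(?:include|require)(?:_once)?|file_get_contents|readfile|fopen)"
    rb"\s*\(?[^;]*\.(?:jpe?g|png|gif)\b", re.I)


def scan_webroot(root):
    """Return sorted (relative_path, reason) findings for one webroot."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        ext = path.suffix.lower()
        data = path.read_bytes()[:65536]  # the first 64 KiB is enough
        rel = path.relative_to(root).as_posix()
        if ext in MAGIC and not data.startswith(MAGIC[ext]):
            reason = "markup-in-image" if MARKUP.search(data) else "bad-image-magic"
            findings.append((rel, reason))
        elif ext == ".php" and LOADER.search(data):
            findings.append((rel, "php-loads-image-file"))
    return sorted(findings)


def demo():
    """Scan a constructed webroot: two benign files, two suspicious ones."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        (root / "login.jpg").write_bytes(b"<html><form><input type='password'></form></html>")
        (root / "index.php").write_bytes(b"<?php include('login.jpg'); ?>")
        (root / "about.php").write_bytes(b"<?php echo 'hello'; ?>")
        return scan_webroot(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:22} {rel}")
```

A file flagged `markup-in-image` next to a `php-loads-image-file` finding in the same directory is the combination worth escalating to abuse review; either finding alone can also occur in benign sites.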
If you have any doubt in this tutorial just type down a comment here.