Follow me, and I will make you phishers of men

This is a tutorial on how to phish using Kali Linux. Please be reminded that this is for educational purposes only. Use at your own risk.

1. The first step is to start your Kali Linux box. In my case, I ran Kali inside VirtualBox. If you are using a virtual machine, make sure that your Kali Linux can access the internet.
The default username is root and the default password is toor.

2. Open Terminal and start Apache2 server.

command: service apache2 start

3. The next step is to create your desired URL using serveo.net.

command: ssh -R [your desired URL]:80:localhost:80 serveo.net

4. Create a fake website; in my case, it’s the Facebook login page.

Create this in post.php in the /var/www/html directory using any text editor.

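5. Navigate to your storage, access /var/www/html, and execute this command to change the folder's permissions: chmod 1777 /var/www/html. (chmod sets permissions rather than ownership; mode 1777 makes the directory world-writable with the sticky bit set.)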


6. Access the HTML and post files from Facebook. To get these files, right-click on the site you want to fake and save it as an HTML file.


7. After acquiring the HTML file you want to phish with (in my case, it’s Facebook), edit post.php. post.php sets the site the victim is redirected to after logging in to your phishing site.

In this case, my redirect site is youtube.com.

8. Sample!!!

This is the result of the fake URL we created using serveo.net, with the page name appended as the path. In my case it’s /fb.html.

9. The credentials will be saved in a text file alongside your HTML and PHP files.


10. For more information regarding serveo, navigate to the serveo.net website.
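
For defenders, the chain in steps 3 to 9 leaves a recognisable trace in web-proxy logs: a page fetched from a serveo.net subdomain, then a form POST to the same host that answers with a redirect to an unrelated site. The Python below is an added example, not part of the original post; the log format, field names, host names and addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: forwarding domains to watch; only serveo.net comes from the page.
TUNNEL_SUFFIXES = ("serveo.net",)

# Constructed proxy log: time client method url status redirect_location
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 GET http://login-example.serveo.net/fb.html 200 -
2024-01-01T10:00:40 10.0.0.5 POST http://login-example.serveo.net/post.php 302 https://www.youtube.com/
2024-01-01T10:01:00 10.0.0.7 GET http://dev-demo.serveo.net/index.html 200 -
2024-01-01T10:02:00 10.0.0.8 POST https://intranet.example.com/login.php 302 /home
2024-01-01T10:03:00 10.0.0.9 POST http://dev-demo.serveo.net/api.php 302 /done
"""

def on_tunnel(host):
    """True if host is a watched forwarding domain or one of its subdomains."""
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)

def find_credential_posts(log_text):
    """Flag POSTs to a tunnel host that redirect the client to another host."""
    alerts, landing = [], {}  # landing: (client, host) -> first page fetched
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        ts, client, method, url, status, location = fields
        target = urlsplit(url)
        host = target.hostname
        if not on_tunnel(host):
            continue
        if method == "GET":
            landing.setdefault((client, host), target.path)
        elif method == "POST" and status.startswith("3") and location != "-":
            dest = urlsplit(location).hostname  # None for a relative redirect
            if dest and dest.lower() != host:
                alerts.append({"time": ts, "client": client, "host": host,
                               "post_path": target.path, "redirect_to": dest,
                               "landing_page": landing.get((client, host))})
    return alerts

if __name__ == "__main__":
    for alert in find_credential_posts(SAMPLE_LOG):
        print(alert)
```

An alert here is a lead for triage rather than a verdict, since the same forwarding services also carry legitimate developer traffic.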
