In the previous section, we saw that a few lines of Python code can redirect traffic to the attacker machine instead of letting it reach https://www.google.jo/?gws_rd=ssl. This time, we will see how an attacker can manipulate the DNS record for Facebook, redirect traffic to the phishing page, and grab the account password.
First, we need to set up a phishing page.
Note
You need not be an expert in web programming. You can easily Google the steps for preparing a phishing account.
- To create a phishing page, first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as... Next, make sure that you choose a complete page from the drop-down menu.
- The output should be an .html file.
- Now let's extract some data here. Open the Phishing folder from the code files provided with this book. Rename the Facebook HTML page to index.html.
- Inside this HTML, we have to change the login form. If...